1. Home
  2. Weaknesses
  3. CWE-346

CWE-346: Origin Validation Error

ID CWE-346
Abstraction Class
Structure Simple
Status Draft
Number of CVEs 267
Detail CAPEC Dashboard Vulnerabilities Web & Social
The product does not properly verify that the source of data or communication is valid.

Modes of Introduction

Phase Note
Architecture and Design
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-345 Insufficient Verification of Data Authenticity Class Simple Draft
CWE-1003 Weaknesses for Simplified Mapping of Published Vulnerabilities Incomplete CWE-345 Insufficient Verification of Data Authenticity Class Simple Draft
CWE-1000 Research Concepts Draft CWE-284 Improper Access Control Pillar Simple Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-21 Exploitation of Trusted Identifiers CWE-346
CAPEC-59 Session Credential Falsification through Prediction CWE-346
CAPEC-60 Reusing Session IDs (aka Session Replay) CWE-346
CAPEC-75 Manipulating Writeable Configuration Files CWE-346
CAPEC-76 Manipulating Web Input to File System Calls CWE-346
CAPEC-89 Pharming CWE-346
CAPEC-111 JSON Hijacking (aka JavaScript Hijacking) CWE-346
CAPEC-141 Cache Poisoning CWE-346
CAPEC-142 DNS Cache Poisoning CWE-346
CAPEC-160 Exploit Script-Based APIs CWE-346
CAPEC-384 Application API Message Manipulation via Man-in-the-Middle CWE-346
CAPEC-385 Transaction or Event Tampering via Application API Manipulation CWE-346
CAPEC-386 Application API Navigation Remapping CWE-346
CAPEC-387 Navigation Remapping To Propagate Malicious Content CWE-346
CAPEC-388 Application API Button Hijacking CWE-346
CAPEC-510 SaaS User Request Forgery CWE-346

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date