CWE-348: Use of Less Trusted Source

ID CWE-348

Abstraction Base

Structure Simple

Status Draft

Number of CVEs 12

The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

Modes of Introduction

Phase	Note
Architecture and Design
Implementation

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-345	Insufficient Verification of Data Authenticity	Class	Simple	Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-73	User-Controlled Filename	CWE-348
CAPEC-76	Manipulating Web Input to File System Calls	CWE-348
CAPEC-85	AJAX Footprinting	CWE-348
CAPEC-141	Cache Poisoning	CWE-348
CAPEC-142	DNS Cache Poisoning	CWE-348

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date