Cyber Resilience

CWE-347: Improper Verification of Cryptographic Signature

Abstraction: Base · CVEs in our corpus: 706

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Last updated: 04 July 2026 08:17 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 15 mapping(s) from 8 framework(s): ATT&CK: 5 (mostly) · STIG oracle linux 9: 2 (full) · STIG oracle linux 8: 2 (full) · STIG rhel 7: 2 (mostly) · STIG rhel 8: 1 (full) · STIG rhel 9: 1 (mostly) · CAPEC: 1 (partial) · OWASP-Web: 1 (partial)

OWASP Top 10 for Web (2025)

This weakness contributes to A04:2025 Cryptographic Failures.

NIST 800-53 r5 controls that address this weakness (7) AI

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-17 | Public Key Infrastructure Certificates | SC | PKI certificates under an approved policy require cryptographic signature verification on issuance and validation. |
| SC-20 | Secure Name/Address Resolution Service (Authoritative Source) | SC | Requires cryptographic signatures on authoritative data and support for verifying the chain of trust. |
| SC-21 | Secure Name/Address Resolution Service (Recursive or Caching Resolver) | SC | Mandates verification of cryptographic signatures (e.g., DNSSEC RRSIG) on resolution responses, addressing missing or bypassed signature checks. |
| CM-14 | Signed Components | CM | Requires verification of digital signatures using organization-approved certificates before installation, directly preventing improper verification of cryptographic signatures. |
| SA-19 | Component Authenticity | SA | Component authenticity commonly depends on cryptographic signatures; the control enforces proper verification of those signatures. |
| SI-7 | Software, Firmware, and Information Integrity | SI | Integrity tools commonly rely on cryptographic signatures whose improper validation this weakness covers. |
| SR-11 | Component Authenticity | SR | Authenticity validation commonly relies on cryptographic signature or certificate checks that this control enforces. |

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2013-3900 KEV | 10.0 | 5.5 | 0.4465 | 2013-12-11 |
| CVE-2020-2021 KEV | 10.0 | 10.0 | 0.0436 | 2020-06-29 |
| CVE-2020-1464 KEV | 10.0 | 7.8 | 0.4113 | 2020-08-17 |
| CVE-2025-47827 KEV UPD | 10.0 | 4.6 | 0.0382 | 2025-06-05 |
| CVE-2025-59718 KEV UPD | 10.0 | 9.8 | 0.6583 | 2025-12-09 |
| CVE-2026-48558 KEV UPD | 10.0 | 10.0 | 0.0116 | 2026-06-12 |
| CVE-2018-16042 | 8.0 | 6.5 | 0.8243 | 2019-01-18 |
| CVE-2021-22160 | 8.0 | 9.8 | 0.5293 | 2021-05-26 |
| CVE-2025-25292 | 8.0 | 9.8 | 0.6379 | 2025-03-12 |
| CVE-2017-2423 | 7.0 | 9.8 | 0.0175 | 2017-04-02 |
| CVE-2018-1000076 | 7.0 | 9.8 | 0.0304 | 2018-03-13 |
| CVE-2017-18146 | 7.0 | 9.8 | 0.0095 | 2018-04-11 |
| CVE-2018-12356 | 7.0 | 9.8 | 0.0465 | 2018-06-15 |
| CVE-2017-3198 | 7.0 | 9.8 | 0.0160 | 2018-07-09 |
| CVE-2018-8955 | 7.0 | 9.8 | 0.0426 | 2018-10-24 |
| CVE-2018-5923 | 7.0 | 9.8 | 0.0261 | 2019-03-27 |
| CVE-2019-6318 | 7.0 | 9.8 | 0.0261 | 2019-04-11 |
| CVE-2019-13177 | 7.0 | 9.8 | 0.0162 | 2019-07-02 |
| CVE-2019-1010263 | 7.0 | 9.8 | 0.0130 | 2019-07-17 |
| CVE-2019-1010161 | 7.0 | 9.8 | 0.0110 | 2019-07-25 |
| CVE-2014-3585 | 7.0 | 9.8 | 0.0106 | 2019-11-22 |
| CVE-2019-14859 | 7.0 | 9.1 | 0.0160 | 2020-01-02 |
| CVE-2020-6174 | 7.0 | 9.8 | 0.0098 | 2020-02-05 |
| CVE-2019-20597 | 7.0 | 9.1 | 0.0025 | 2020-03-24 |
| CVE-2020-1026 | 7.0 | 9.8 | 0.0254 | 2020-04-15 |