CWE · MITRE source
CWE-353: Missing Support for Integrity Check
The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
If integrity check values or "checksums" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol's checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.
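An added illustration of the description above (not MITRE's or this site's code): a length-prefixed message frame parsed without and with a CRC-32 computed over the entire message. The frame layout, function names and sample message are assumptions made for the example.

```python
import struct
import zlib

LEN = struct.Struct("!I")  # 4-byte big-endian payload length (assumed layout)
CRC = struct.Struct("!I")  # 4-byte CRC-32 trailer over length field + payload

class IntegrityError(ValueError):
    """Raised when a received frame fails its integrity check."""

def frame_unchecked(payload: bytes) -> bytes:
    # Weak form: length + payload, nothing the receiver can verify.
    return LEN.pack(len(payload)) + payload

def parse_unchecked(frame: bytes) -> bytes:
    # Accepts whatever bytes arrive; corruption passes through silently.
    (length,) = LEN.unpack_from(frame)
    return frame[LEN.size:LEN.size + length]

def frame_checked(payload: bytes) -> bytes:
    # The checksum covers the whole message, header included.
    body = LEN.pack(len(payload)) + payload
    return body + CRC.pack(zlib.crc32(body))

def parse_checked(frame: bytes) -> bytes:
    if len(frame) < LEN.size + CRC.size:
        raise IntegrityError("frame too short")
    (length,) = LEN.unpack_from(frame)
    if len(frame) != LEN.size + length + CRC.size:
        raise IntegrityError("length field does not match frame size")
    body, trailer = frame[:-CRC.size], frame[-CRC.size:]
    if zlib.crc32(body) != CRC.unpack(trailer)[0]:
        raise IntegrityError("checksum mismatch")
    return body[LEN.size:]

def flip_bit(data: bytes, index: int) -> bytes:
    # Simulates a single-bit transmission error at byte `index`.
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)

def demo():
    msg = b"SET valve=12 mode=auto"  # constructed sample message
    weak = parse_unchecked(flip_bit(frame_unchecked(msg), 14))
    try:
        parse_checked(flip_bit(frame_checked(msg), 14))
        detected = False
    except IntegrityError:
        detected = True
    return weak, detected
```

A CRC detects accidental corruption only; where deliberate modification in transit is in scope, the trailer has to be a keyed MAC or signature instead.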
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: full · 16 mapping(s) from 6 framework(s): ATT&CK 4 (mostly) · CAPEC 4 (partial) · ASVS 5.0 3 (full) · STIG oracle linux 8 3 (mostly) · OWASP-Web 1 (mostly) · STIG rhel 8 1 (partial)
OWASP Top 10 for Web (2025)
This weakness contributes to A08:2025 Software or Data Integrity Failures.
NIST 800-53 r5 controls that address this weakness (11) AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SA-10 | Developer Configuration Management | SA | Requiring control over the integrity of all changes directly compels developers to implement integrity verification mechanisms rather than omitting them. |
| SA-18 | Tamper Resistance and Detection | SA | Tamper detection fundamentally depends on integrity-checking capabilities that this control mandates or strengthens. |
| SA-19 | Component Authenticity | SA | Explicitly requires support for integrity and authenticity checks on components before acceptance into the system. |
| SR-11 | Component Authenticity | SR | The control mandates support for integrity-checking mechanisms to identify non-genuine components. |
| SR-4 | Provenance | SR | Maintaining valid provenance requires supporting integrity checks on the origin and chain of custody for systems and data. |
| SR-9 | Tamper Resistance and Detection | SR | Tamper protection programs explicitly add integrity checks where support was previously missing. |
| SC-20 | Secure Name/Address Resolution Service (Authoritative Source) | SC | Supplies the integrity-check artifacts (e.g., RRSIG, DNSKEY) that were previously missing for DNS responses. |
| SC-33 | Transmission Preparation Integrity | SC | Control explicitly adds support for integrity mechanisms such as checksums during preparation, preventing attacks that rely on missing integrity checks. |
| AU-10 | Non-repudiation | AU | Irrefutable evidence of actions requires integrity protection to prevent tampering or alteration of records. |
| CM-14 | Signed Components | CM | Implements required signature-based integrity verification, addressing missing support for integrity checks on components. |
| SI-7 | Software, Firmware, and Information Integrity | SI | Directly supplies the missing integrity verification mechanism the weakness describes. |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2020-7878 | 7.0 | 9.8 | 0.0069 | 2021-12-28 |
| CVE-2026-45787 UPD | 7.0 | 9.1 | 0.0010 | 2026-05-28 |
| CVE-2019-10943 | 5.5 | 7.5 | 0.0095 | 2019-08-13 |
| CVE-2020-10266 | 5.5 | 8.1 | 0.0048 | 2020-04-06 |
| CVE-2019-11480 | 5.5 | 8.4 | 0.0051 | 2020-04-14 |
| CVE-2020-7808 | 5.5 | 8.7 | 0.0069 | 2020-05-21 |
| CVE-2020-7810 | 5.5 | 8.8 | 0.0044 | 2020-08-07 |
| CVE-2020-10124 | 5.5 | 7.1 | 0.0073 | 2020-08-21 |
| CVE-2021-28545 | 5.5 | 8.1 | 0.0227 | 2021-04-01 |
| CVE-2021-26608 | 5.5 | 8.8 | 0.0060 | 2021-09-09 |
| CVE-2021-26610 | 5.5 | 7.2 | 0.0044 | 2021-10-27 |
| CVE-2023-32475 | 5.5 | 7.6 | 0.0017 | 2024-06-07 |
| CVE-2024-27817 | 5.5 | 7.8 | 0.0018 | 2024-06-10 |
| CVE-2025-48500 UPD | 5.5 | 7.3 | 0.0010 | 2025-08-13 |
| CVE-2024-46917 UPD | 5.5 | 8.1 | 0.0022 | 2025-08-29 |
| CVE-2025-65203 | 5.5 | 7.1 | 0.0011 | 2025-12-17 |
| CVE-2025-15364 | 5.5 | 7.3 | 0.0017 | 2026-01-06 |
| CVE-2026-42428 | 5.5 | 7.1 | 0.0014 | 2026-04-28 |
| CVE-2026-7574 | 5.5 | 8.7 | 0.0010 | 2026-06-24 |
| CVE-2026-48995 | 5.5 | 7.5 | 0.0012 | 2026-06-25 |
| CVE-2019-12804 | 3.5 | 5.5 | 0.0040 | 2019-07-10 |
| CVE-2019-19160 | 3.5 | 5.7 | 0.0058 | 2020-06-29 |
| CVE-2020-9062 | 3.5 | 5.3 | 0.0017 | 2020-08-21 |
| CVE-2020-7807 | 3.5 | 5.6 | 0.0019 | 2020-09-14 |
| CVE-2021-28546 | 3.5 | 6.5 | 0.0142 | 2021-04-01 |