CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
low-riskThe product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.
Abstraction: Base
Common Consequences
Integrity
→
Unexpected State
Real-World Examples (5)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-10772 | 8.8 | 0.2% | — |
| CVE-2010-3300 | 5.9 | 0.2% | — |
| CVE-2024-36279 | 5.3 | 0.1% | — |
| CVE-2019-3730 | 7.5 | 0.1% | — |
| CVE-2025-5323 | 3.7 | 0.0% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal