CWE-494 - Download of Code Without Integrity Check

Description

The weakness consists in downloading of source or executable code without checking its origin and integrity. Lack of verifying allows attackers to deceive the system by execution or changing a malicious code. Using of untrusted code allows offenders to execute attacker-controlled commands, read or modify potentially sensitive information or worsen software functioning for legitimate users.
The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-494

Multiple vulnerabilities in IOSIX IO-1020 Micro ELD 2024-04-03
Medium Yes

Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps 2024-01-30
High Yes

Multiple vulnerabilities in Dell Networker 2024-01-30
High Yes

Multiple vulnerabilities in Buildroot 2023-12-06
High Yes

Multiple vulnerabilities in IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 2023-11-30
Medium Yes

Multiple vulnerabilities in IBM Storage Fusion and IBM Storage Fusion HCI 2023-09-15
Medium Yes

Privilege escalation in FortiClient for Mac 2023-04-11
Low Yes

Multiple vulnerabilities in IBM FOS Firmware 2023-03-02
High Yes

Multiple vulnerabilities in IBM FlashSystem models 840 and 900 2023-02-20
High Yes

Remote code execution in Sinatra 2023-01-24
High Yes

References

Description of CWE-494 on Mitre website