Ally Financial Inc. (NYSE: ALLY) is a leading digital financial services company and a top 25 U.S. financial holding company offering financial products for consumers, businesses, automotive dealers and corporate clients. NMLS #3015 | #181005 | https://www.nmlsconsumeraccess.org/ Ally's legacy dates back to 1919, and the company was redesigned in 2009 with a distinctive brand, innovative approach and relentless focus on its customers. Ally has an award-winning online bank (Ally Bank, Member FDIC), one of the largest full service auto finance operations in the country, a complementary auto-focused insurance business, and a trusted corporate finance business offering capital for equity sponsors and middle-market companies. We extend equal employment opportunities to qualified applicants and employees on an equal basis regardless of an individual’s age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity or expression, pregnancy status, marital status, military or veteran status, genetic disposition or any other reason protected by law.

Ally A.I CyberSecurity Scoring

Ally

Company Details

LinkedIn ID: ally
Employees number: 15,070
Number of followers: 174,662
NAICS: 52
Industry Type: Financial Services
Homepage: ally.com
IP Addresses: 4
Company ID: ALL_5694497
Scan Status: Completed

Ally Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium

Ally Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Ally Company CyberSecurity News & History

Past Incidents: 4
Attack Types: 2

Ally: High-severity WordPress plugin flaw poses data compromise risk
Vulnerability
Severity: 85
Impact: 4
Seen: 3/2026
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: High-Severity SQL Injection Flaw in WordPress Ally Plugin Exposes 250,000+ Sites. A critical security vulnerability in the widely used WordPress plugin *Ally*, designed to improve website accessibility and usability, has been discovered, allowing unauthenticated attackers to extract, modify, or delete sensitive database information. The flaw, identified as CVE-2026-2413, is an SQL injection (SQLi) vulnerability that enables malicious actors to inject harmful SQL commands via a URL parameter. Discovered by Acquia security engineer Drew Webber, the flaw requires no authentication to exploit but is only exploitable if the plugin’s Remediation module is enabled and linked to an Elementor account. Researchers at Wordfence confirmed the attack method, noting that threat actors could leverage time-based blind SQL injection to extract data from vulnerable databases. The vulnerability was patched in version 4.1.0, released on February 23. However, WordPress usage data reveals that only 36% of sites running the plugin have applied the update, leaving an estimated 250,000+ websites exposed to potential exploitation. The flaw underscores the risks of delayed patching in widely deployed WordPress plugins.

Ally Bank
Breach
Severity: 50
Impact: 2
Seen: 5/2023
Supply Chain Source: NA
Rankiteo Explanation
Attack limited on finance or reputation

Description: The Maine Office of the Attorney General reported that Ally Bank experienced a data breach due to insider wrongdoing on May 25, 2023. The breach, discovered on July 25, 2023, affected 328 individuals, compromising financial account numbers, among other personal information. Identity theft protection services, specifically Equifax Complete Premier, were offered for 24 months.

Ally Financial Inc.
Breach
Severity: 25
Impact: 1
Seen: 2/2021
Supply Chain Source: NA
Rankiteo Explanation
Attack without any consequences

Description: The California Office of the Attorney General reported a data breach involving Ally Financial Inc on June 15, 2021. The breach occurred on February 18, 2021, due to a programming code error that exposed usernames and passwords to third parties, affecting an unspecified number of individuals.

Ally Bank
Breach
Severity: 50
Impact: 2
Seen: 11/2018
Supply Chain Source: NA
Rankiteo Explanation
Attack limited on finance or reputation

Description: The California Office of the Attorney General reported a data breach involving Ally Bank on December 13, 2018. The breach occurred on November 11, 2018, when a third-party supplier inadvertently transmitted personal information to another financial institution, potentially affecting unspecified individuals. The compromised information included names, Social Security numbers, and other personal details.

Underwriter Stats for Ally

Incidents vs Financial Services Industry Average (This Year)

Ally has 50.5% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Ally has 14.53% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types Ally vs Financial Services Industry Avg (This Year)

Ally reported 1 incident this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Ally (X = Date, Y = Severity)

Ally cyber incidents detection timeline including parent company and subsidiaries

Ally Similar Companies

RHB Banking Group

We are a multinational regional financial services provider that is committed to deliver complete solutions to our clients through differentiated segment offerings and an ecosystem that supports simple, fast and seamless customer experience, underpinned by cohesive and inspired workforce and relatio

Banco Davivienda

At Davivienda we believe in a financial world without barriers that makes life easier for people, businesses, cities and municipalities. For this reason, today we are more than 19,000 people innovating and creating every day exclusive solutions and offers for 10 million customers that enable greater inc

Synchrony

At Synchrony, our driving force is to be essential to people's everyday lives by making it easier for the many millions of people who rely on us to access their essential needs and everyday wants with consumer financing that works for them – from their first credit card to a lifetime of flexibility.

Sun Life

Sun Life is a leading financial services organization dedicated to helping people achieve lifetime financial security and live healthier lives. We provide a wide range of insurance and investment products and services in key markets around the world including Canada, the United States, the United K

Moody's Corporation

In a world shaped by increasingly interconnected risks, Moody’s helps customers develop a holistic view of these risks to advance their business and act decisively. With a rich history of expertise in global markets and a diverse workforce in more than 40 countries, Moody’s unites the brightest mind

PING AN

This is the official Company Page of Ping An Insurance (Group) Company of China, Ltd. (HKEx: 2318; SSE: 601318; ADR: PNGAY). Ping An strives to become a world leading technology-powered financial services group. We believe the way people receive financial services and healthcare in the future wil

We exist to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the cl

Old Mutual

Old Mutual Limited is a listed company on the Johannesburg Stock Exchange and has secondary listings on the London, Malawi, Namibia and Zimbabwe stock exchanges. As a Pan-African financial services company, we are focused on Africa, her needs and her people. Together with you, we have educated our

We are the leading financial group in Peru, with vast experience in the Peruvian market. We have a solid Commercial Banking platform reinforced by a significant presence in Investment Banking in Latin America, aimed at developing the region's potential and supporting our cli

Ally CyberSecurity News

March 28, 2026 08:57 AM
From Local Insurgency To Regional Power: How The Houthis Became Iran’s Key Ally In Yemen, Here's How The Rebel Group Is Playing A Big Role In Shaping Middle East Conflict

The Houthis, a powerful militia in Yemen with ties to Iran, have emerged as a key player in Middle Eastern conflicts, controlling territory...

March 13, 2026 07:00 AM
SQL Injection Vulnerability in Ally WordPress Plugin Exposes 200K+ Sites

SQL injection vulnerability in Ally WordPress plugin exposes 200k+ sites to data theft. Patch released, but most installations remain...

March 12, 2026 07:00 AM
The ASCEND Initiative (508 ALLY)

A call to action for educators and innovators: the ASCEND Initiative challenges academia to design a groundbreaking entry-level curriculum...

March 11, 2026 07:00 AM
Some conferences talk about digital transformation. Others bring in the people actually doing it. At DIGITAL BANKING, that means hearing from leaders like Sathish M., who oversees the technology, data, cybersecurity and digital capabilities powering one of th

March 11, 2026 07:00 AM
CSO Awards 2026 celebrates world-class security strategies

Winners will be recognized at the annual CSO Cybersecurity Awards & Conference held May 11-13, 2026. CSO Conference & Awards.

February 07, 2026 08:00 AM
Stop cyber threats! Learn to use artificial intelligence as your small business security ally

This session will focus on the security and privacy issues associated with artificial intelligence, providing a clear roadmap for...

February 05, 2026 08:00 AM
Stop cyber threats! Learn to use AI as your small business security ally

The University of Hawaiʻi Maui College is hosting the second of three free online cybersecurity clinics for Hawaiʻi's sole proprietors and...

January 31, 2026 08:00 AM
Windows security breaks ROG Xbox Ally handheld game consoles

Windows 11 security is blocking key software on Asus ROG Xbox Ally consoles, leaving pricey handhelds struggling to launch games properly.

December 08, 2025 08:00 AM
QC Ally Promotes Scott Ingram To CIO Role

Bringing more than two decades of experience to his new role, Scott Ingram will be responsible for the tech provider's overall strategy.

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Ally CyberSecurity History Information

Official Website of Ally

The official website of Ally is http://www.ally.com.

Ally’s AI-Generated Cybersecurity Score

According to Rankiteo, Ally’s AI-generated cybersecurity score is 721, reflecting their Moderate security posture.

How many security badges does Ally have ?

According to Rankiteo, Ally currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Ally been affected by any supply chain cyber incidents ?

According to Rankiteo, Ally has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Ally have SOC 2 Type 1 certification ?

According to Rankiteo, Ally is not certified under SOC 2 Type 1.

Does Ally have SOC 2 Type 2 certification ?

According to Rankiteo, Ally does not hold a SOC 2 Type 2 certification.

Does Ally comply with GDPR ?

According to Rankiteo, Ally is not listed as GDPR compliant.

Does Ally have PCI DSS certification ?

According to Rankiteo, Ally does not currently maintain PCI DSS compliance.

Does Ally comply with HIPAA ?

According to Rankiteo, Ally is not compliant with HIPAA regulations.

Does Ally have ISO 27001 certification ?

According to Rankiteo, Ally is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Ally

Ally operates primarily in the Financial Services industry.

Number of Employees at Ally

Ally employs approximately 15,070 people worldwide.

Subsidiaries Owned by Ally

Ally presently has no subsidiaries across any sectors.

Ally’s LinkedIn Followers

Ally’s official LinkedIn profile has approximately 174,662 followers.

NAICS Classification of Ally

Ally is classified under the NAICS code 52, which corresponds to Finance and Insurance.

Ally’s Presence on Crunchbase

No, Ally does not have a profile on Crunchbase.

Ally’s Presence on LinkedIn

Yes, Ally maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/ally.

Cybersecurity Incidents Involving Ally

As of April 02, 2026, Rankiteo reports that Ally has experienced 4 cybersecurity incidents.

Number of Peer and Competitor Companies

Ally has an estimated 31,537 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Ally ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach and Vulnerability.

How does Ally detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Wordfence and Acquia, containment measures (patch released, version 4.1.0), and remediation measures (update to Ally plugin version 4.1.0 or later).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Ally Bank Data Breach

Description: The California Office of the Attorney General reported a data breach involving Ally Bank on December 13, 2018. The breach occurred on November 11, 2018, when a third-party supplier inadvertently transmitted personal information to another financial institution, potentially affecting unspecified individuals. The compromised information included names, Social Security numbers, and other personal details.

Date Detected: 2018-11-11

Date Publicly Disclosed: 2018-12-13

Type: Data Breach

Attack Vector: Third-party supplier error

Incident : Data Breach

Title: Ally Bank Data Breach

Description: The Maine Office of the Attorney General reported that Ally Bank experienced a data breach due to insider wrongdoing on May 25, 2023. The breach, discovered on July 25, 2023, affected 328 individuals, compromising financial account numbers, among other personal information. Identity theft protection services, specifically Equifax Complete Premier, were offered for 24 months.

Date Detected: 2023-07-25

Type: Data Breach

Attack Vector: Insider Wrongdoing

Threat Actor: Insider

Incident : Data Breach

Title: Data Breach at Ally Financial Inc

Description: A programming code error exposed usernames and passwords to third parties.

Date Detected: 2021-06-15

Date Publicly Disclosed: 2021-06-15

Type: Data Breach

Attack Vector: Programming Code Error

Vulnerability Exploited: Programming Code Error

Incident : SQL Injection

Title: High-Severity SQL Injection Flaw in WordPress Ally Plugin Exposes 250,000+ Sites

Description: A critical security vulnerability in the widely used WordPress plugin *Ally*, designed to improve website accessibility and usability, has been discovered, allowing unauthenticated attackers to extract, modify, or delete sensitive database information. The flaw, identified as CVE-2026-2413, is an SQL injection (SQLi) vulnerability that enables malicious actors to inject harmful SQL commands via a URL parameter.

Date Resolved: 2026-02-23

Type: SQL Injection

Attack Vector: URL parameter

Vulnerability Exploited: CVE-2026-2413

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach ALL049072425

Data Compromised: Names, Social security numbers, Other personal details

Incident : Data Breach ALL944072625

Data Compromised: Financial account numbers, Other personal information

Identity Theft Risk: High

Incident : Data Breach ALL932072825

Data Compromised: Usernames, Passwords

Incident : SQL Injection ALL1773383462

Data Compromised: Sensitive database information (extraction, modification, or deletion possible)

Systems Affected: WordPress sites using the Ally plugin with Remediation module enabled and linked to an Elementor account

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Other Personal Details, Financial Account Numbers, Other Personal Information, Usernames, Passwords, and Sensitive database information.

Which entities were affected by each incident ?

Incident : Data Breach ALL049072425

Entity Name: Ally Bank

Entity Type: Financial Institution

Industry: Banking

Incident : Data Breach ALL944072625

Entity Name: Ally Bank

Entity Type: Financial Institution

Industry: Banking

Customers Affected: 328

Incident : Data Breach ALL932072825

Entity Name: Ally Financial Inc

Entity Type: Financial Services

Industry: Finance

Customers Affected: Unspecified number of individuals

Incident : SQL Injection ALL1773383462

Entity Name: WordPress sites using Ally plugin

Entity Type: Websites

Industry: Various

Location: Global

Size: 250,000+ sites

Response to the Incidents

What measures were taken in response to each incident ?

Incident : SQL Injection ALL1773383462

Third Party Assistance: Wordfence, Acquia

Containment Measures: Patch released (version 4.1.0)

Remediation Measures: Update to Ally plugin version 4.1.0 or later

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Wordfence, Acquia.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach ALL049072425

Type of Data Compromised: Names, Social security numbers, Other personal details

Sensitivity of Data: High

Incident : Data Breach ALL944072625

Type of Data Compromised: Financial account numbers, Other personal information

Number of Records Exposed: 328

Sensitivity of Data: High

Incident : Data Breach ALL932072825

Type of Data Compromised: Usernames, Passwords

Incident : SQL Injection ALL1773383462

Type of Data Compromised: Sensitive database information

Sensitivity of Data: High (potential for extraction, modification, or deletion)

Data Exfiltration: Possible via time-based blind SQL injection

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Update to Ally plugin version 4.1.0 or later.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the following measure: Patch released (version 4.1.0).

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : SQL Injection ALL1773383462

Lessons Learned: Risks of delayed patching in widely deployed WordPress plugins

What recommendations were made to prevent future incidents ?

Incident : SQL Injection ALL1773383462

Recommendations: Apply the patch (version 4.1.0 or later) immediately to mitigate exposure

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Risks of delayed patching in widely deployed WordPress plugins.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Apply the patch (version 4.1.0 or later) immediately to mitigate exposure.

References

Where can I find more information about each incident ?

Incident : Data Breach ALL049072425

Source: California Office of the Attorney General

Date Accessed: 2018-12-13

Incident : Data Breach ALL944072625

Source: Maine Office of the Attorney General

Incident : Data Breach ALL932072825

Source: California Office of the Attorney General

Date Accessed: 2021-06-15

Incident : SQL Injection ALL1773383462

Source: Wordfence

Incident : SQL Injection ALL1773383462

Source: Acquia (Drew Webber)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: California Office of the Attorney General (Date Accessed: 2018-12-13), Maine Office of the Attorney General, California Office of the Attorney General (Date Accessed: 2021-06-15), Wordfence, and Acquia (Drew Webber).

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : SQL Injection ALL1773383462

Root Causes: SQL injection vulnerability in Ally plugin's Remediation module (enabled and linked to Elementor account)

Corrective Actions: Patch released (version 4.1.0)

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Wordfence, Acquia.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Patch released (version 4.1.0).

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was an Insider.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2018-11-11.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2021-06-15.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The most recent incident resolved was on 2026-02-23.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, other personal details, Financial Account Numbers, Other Personal Information, usernames, passwords, and Sensitive database information (extraction, modification, or deletion possible).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Wordfence, Acquia.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was: Patch released (version 4.1.0).

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, passwords, Other Personal Information, other personal details, Sensitive database information (extraction, modification, or deletion possible), names, Financial Account Numbers and usernames.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 328.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Risks of delayed patching in widely deployed WordPress plugins.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Apply the patch (version 4.1.0 or later) immediately to mitigate exposure.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Wordfence, Maine Office of the Attorney General, Acquia (Drew Webber) and California Office of the Attorney General.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ally' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
