CMA CGM
Company Details
Linkedin ID:
cma-cgm
Website:
Employees number:
30,339
Number of followers:
1,546,075
NAICS:
47
Industry Type:
Homepage:
cma-cgm.com
IP Addresses:
0
Company ID:
CMA_3883102
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
CMA CGM Vendor Cyber Rating & Cyber Score
cma-cgm.comThe CMA CGM Group is a global player in sea, land, air and logistics solutions, true to its corporate Purpose, "We imagine better ways to serve a world in motion". Present in 177 countries, it employs 160,000 people, of which nearly 6,000 in Marseilles where its head office is located. The world's 3rd largest shipping company, CMA CGM serves more than 420 ports across 5 continents with a fleet of over 650 vessels. In 2024, CMA CGM carried over 23 million TEU (twenty-foot equivalent unit) containers. Its subsidiary CEVA Logistics, one of the world's top five players, operates 1,000 warehouses and handled 15 million shipments in 2024. CMA CGM AIR CARGO, the Group's air freight division, will operate a fleet of 6 cargo aircraft by 2025. CMA Media, France's 3rd largest private media group, includes RMC-BFM and several national and regional press titles (La Tribune Dimanche, La Tribune, La Provence and Corse Matin). Committed to energy transition, the CMA CGM Group is aiming for Net Zero Carbon by 2050. The CMA CGM Foundation provides humanitarian aid in crisis situations, and is committed to education for all and equal opportunities throughout the world. To date, the CMA CGM Foundation has transported 63,000 tons of humanitarian aid to 97 countries and supported over 550 educational projects.
CMA CGM A.I CyberSecurity Scoring
CMA CGM Risk Score (AI oriented)Between 750 and 799
CMA CGM
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CMA CGM Global Score (TPRM)XXXX
CMA CGM
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CMA CGM Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
CMA CGM
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In September 2021, CMA CGM, a France-based global shipping and logistics giant, fell victim to a cyber-attack involving Ragnar Locker ransomware. The attackers infiltrated the company’s network, stole and encrypted customer data, and demanded a ransom. To contain the breach, CMA CGM disconnected its global network from the internet, halting all online booking services, operational requests, and partially disrupting port and vessel operations. Customers were forced to rely on local offices for bookings and inquiries, causing significant operational delays.After the company refused to pay the ransom, the hackers leaked all stolen data, exacerbating the impact. The attack not only compromised sensitive customer information but also crippled critical business functions, leading to financial losses, reputational damage, and logistical chaos across its global supply chain. The incident highlighted vulnerabilities in maritime cybersecurity and the severe consequences of ransomware attacks on large-scale industrial operations.
CMA CGM
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In late September 2020, the French shipping giant CMA CGM fell victim to a Ragnar Locker ransomware attack orchestrated by the Ragnar Locker Gang. The cybercriminals exfiltrated personal data of clients and encrypted critical systems, demanding a ransom in exchange for a decryption key. While the marine and port operations remained functional, the attack disrupted online booking services, operational requests, and loading processes, forcing customers to rely on local offices for assistance. The company isolated its global network by cutting internet access to contain the ransomware’s spread. The primary motive was financial extortion, though the exact ransom amount was not disclosed publicly. The incident caused operational slowdowns, reputational damage, and potential long-term trust erosion among clients, though no evidence suggested a complete halt in core shipping activities. The stolen customer data heightened concerns over privacy breaches and regulatory compliance risks.
CMA CGM (Assumed based on the context of a major container vessel attack in 2017)
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In February 2017, a container vessel operated by a leading global shipping company fell victim to a sophisticated cyber attack orchestrated by African pirates. The hackers targeted the ship’s Navigation Systems while it was en route from Cyprus to Djibouti, aiming to seize full control and redirect it to a location where they could physically hijack the vessel. The attack rendered the ship unmaneuverable for 10 hours, forcing the crew to bring in IT experts to restore system functionality after repeated failed attempts. The incident compromised the availability and integrity of the ship’s critical systems, posing severe risks to crew safety, cargo security, and operational continuity. Had the pirates succeeded in fully controlling the vessel, the consequences could have included financial losses from ransom demands, cargo theft, reputational damage, and potential environmental hazards if the ship had been diverted to unsafe waters. The attack highlighted vulnerabilities in maritime cybersecurity, particularly in legacy navigation and communication systems, which remain prime targets for cyber-criminals exploiting gaps in industrial control systems (ICS) and operational technology (OT).
CMA CGM Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CMA CGM
Incidents vs Transportation, Logistics, Supply Chain and Storage Industry Average (This Year)
No incidents recorded for CMA CGM in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for CMA CGM in 2026.
Incident Types CMA CGM vs Transportation, Logistics, Supply Chain and Storage Industry Avg (This Year)
No incidents recorded for CMA CGM in 2026.
Incident History — CMA CGM (X = Date, Y = Severity)
CMA CGM cyber incidents detection timeline including parent company and subsidiaries
CMA CGM Company Subsidiaries
The CMA CGM Group is a global player in sea, land, air and logistics solutions, true to its corporate Purpose, "We imagine better ways to serve a world in motion". Present in 177 countries, it employs 160,000 people, of which nearly 6,000 in Marseilles where its head office is located. The world's 3rd largest shipping company, CMA CGM serves more than 420 ports across 5 continents with a fleet of over 650 vessels. In 2024, CMA CGM carried over 23 million TEU (twenty-foot equivalent unit) containers. Its subsidiary CEVA Logistics, one of the world's top five players, operates 1,000 warehouses and handled 15 million shipments in 2024. CMA CGM AIR CARGO, the Group's air freight division, will operate a fleet of 6 cargo aircraft by 2025. CMA Media, France's 3rd largest private media group, includes RMC-BFM and several national and regional press titles (La Tribune Dimanche, La Tribune, La Provence and Corse Matin). Committed to energy transition, the CMA CGM Group is aiming for Net Zero Carbon by 2050. The CMA CGM Foundation provides humanitarian aid in crisis situations, and is committed to education for all and equal opportunities throughout the world. To date, the CMA CGM Foundation has transported 63,000 tons of humanitarian aid to 97 countries and supported over 550 educational projects.
Loading...
CMA CGM Similar Companies
Walmart Distribution Center
Saving people money so they can live better is a big job. That’s why we have one of the largest private distribution networks in the world. Each of our 42 regional U.S. distribution centers is over 1 million square feet, with more than 12 miles of conveyor belts to move 5.5 billion cases of merchand
bnode
bnode (formerly bpostgroup) is a digital expert in parcel logistics, active in Europe, North America and Asia-Pacific. The group operates through three business units: 3PL (soon to be paxon, with brands as Active Ants, Staci and Radial), Cross-border (working under the name of Landmark Global) and B
CEVA Logistics
CEVA provides world-class supply chain solutions for large and medium-size national and multinational companies across the globe. As an industry leader, CEVA offers customers complete supply chain design and implementation in contract logistics and freight management, alone or in combination. Toget
Lineage
Lineage is one of the world’s leading temperature-controlled industrial REITs and integrated solutions providers with a global network of over 480 strategically located facilities, totaling nearly 2.9 billion cubic feet of capacity across countries in North America, Europe, and Asia-Pacific. Couplin
Deutsche Post delivers mail and parcels in Germany. It is an expert provider of dialogue marketing and press distribution services as well as corporate communications solutions. We operate a nationwide transport and delivery network in Germany. We also deliver mail across borders, serve the domesti
Rhenus Logistics
The Rhenus Group is one of the leading logistics specialists with global business operations and annual turnover amounting to EUR 8.2 billion. 41,000 employees work at 1,330 business sites in more than 70+ countries and develop innovative solutions along the complete supply chain. Whether providing
La Poste Groupe
Premier réseau commercial de proximité en France, le groupe La Poste est organisé en 4 branches d’activité : Services-Courrier-Colis, Banque et Assurance, Distributeur physique et numérique, GeoPost/DPDGroup pour l'international. Présent dans plus de 63 pays, sur 5 continents, il a réalisé un chiffr
A.P. Moller - Maersk
A.P. Moller - Maersk is an integrated transport and logistics company; going all the way, together, for our customers and society. ALL THE WAY is our commitment to connect the world so that everyone has both the possibility and the ability to trade, grow and thrive. The company employs roughly 110.0
GEODIS
GEODIS is a leading global logistics provider acknowledged for its expertise across all aspects of the supply chain. As a growth partner to its clients, GEODIS specializes in four lines of business: Global Freight Forwarding, Global Contract Logistics, Distribution & Express Transport, and European
.png)
CMA CGM CyberSecurity News
March 03, 2026 08:00 AM
Expeditors Restoring Systems After Cyberattack
Expeditors is scrambling to get its operations back up and running after a cyberattack that struck the global logistics specialist on 20 February.
February 25, 2026 08:00 AM
A Landmark Week for France Highlighted by the India AI Impact Summit & Expo 2026
NEW DELHI, Feb. 26, 2026 /PRNewswire/ -- France has concluded an exceptional week of diplomatic, technological and innovative industrial...
February 10, 2026 08:00 AM
CMA CGM, Marlink & Eutelsat launch fleet-wide LEO network
CMA CGM Group, Marlink, and Eutelsat have joined forces to deploy OneWeb Low Earth Orbit (LEO) connectivity across CMA CGM's worldwide...
February 10, 2026 07:14 AM
CMA CGM deepens fleet digitalisation with LEO
The shipowner is rolling out low latency connectivity across more than 300 vessels as part of a wider push to modernise fleet operations.
February 09, 2026 08:00 AM
CMA CGM Group, Marlink, And Eutelsat Partner To Deploy OneWeb LEO Connectivity
CMA CGM Group, Marlink, and Eutelsat have announced a partnership to deploy OneWeb LEO connectivity across CMA CGM's global maritime fleet.
February 09, 2026 08:00 AM
CMA CGM taps Marlink and Eutelsat for 300-plus vessel connectivity upgrade
CMA CGM, the world's third-largest liner, has partnered with Marlink and Eutelsat to roll out OneWeb LEO connectivity across more than 300...
January 28, 2026 08:00 AM
Meta's Eliyan investment, Automation Anywhere's merger, and Handshake's buy
Venture Capital. • Decagon, an SF-based customer support conversational AI startup, raised a $250m Series D round at a $4.5b valuation.
January 21, 2026 08:00 AM
60% of cyberattacks on logistics start with an email you nearly clicked
Cyberattacks against transport and logistics companies have increased markedly in recent years, turning cybersecurity into a direct...
January 14, 2026 08:00 AM
$2.61 Bn Maritime Market Trends, Strategies, and
Emerging market opportunities in the maritime sector include smart and automated shipping solutions, energy-efficient vessels, AI and IoT...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CMA CGM CyberSecurity History Information
Official Website of CMA CGM
The official website of CMA CGM is http://www.cma-cgm.com.
CMA CGM’s AI-Generated Cybersecurity Score
According to Rankiteo, CMA CGM’s AI-generated cybersecurity score is 766, reflecting their Fair security posture.
How many security badges does CMA CGM’ have ?
According to Rankiteo, CMA CGM currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has CMA CGM been affected by any supply chain cyber incidents ?
According to Rankiteo, CMA CGM has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does CMA CGM have SOC 2 Type 1 certification ?
According to Rankiteo, CMA CGM is not certified under SOC 2 Type 1.
Does CMA CGM have SOC 2 Type 2 certification ?
According to Rankiteo, CMA CGM does not hold a SOC 2 Type 2 certification.
Does CMA CGM comply with GDPR ?
According to Rankiteo, CMA CGM is not listed as GDPR compliant.
Does CMA CGM have PCI DSS certification ?
According to Rankiteo, CMA CGM does not currently maintain PCI DSS compliance.
Does CMA CGM comply with HIPAA ?
According to Rankiteo, CMA CGM is not compliant with HIPAA regulations.
Does CMA CGM have ISO 27001 certification ?
According to Rankiteo,CMA CGM is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CMA CGM
CMA CGM operates primarily in the Transportation, Logistics, Supply Chain and Storage industry.
Number of Employees at CMA CGM
CMA CGM employs approximately 30,339 people worldwide.
Subsidiaries Owned by CMA CGM
CMA CGM presently has no subsidiaries across any sectors.
CMA CGM’s LinkedIn Followers
CMA CGM’s official LinkedIn profile has approximately 1,546,075 followers.
NAICS Classification of CMA CGM
CMA CGM is classified under the NAICS code 47, which corresponds to Transportation and Warehousing.
CMA CGM’s Presence on Crunchbase
No, CMA CGM does not have a profile on Crunchbase.
CMA CGM’s Presence on LinkedIn
Yes, CMA CGM maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cma-cgm.
Cybersecurity Incidents Involving CMA CGM
As of April 02, 2026, Rankiteo reports that CMA CGM has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
CMA CGM has an estimated 6,531 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at CMA CGM ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Ransomware.
How does CMA CGM detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with disabled internet connection to prevent ransomware spread, and recovery measures with directed customers to local offices for bookings and queries, and and containment measures with shut down internet access to prevent ransomware spread, and communication strategy with customers directed to local offices for bookings/inquiries, and incident response plan activated with yes (crew attempted recovery; it experts boarded), and third party assistance with it experts (onsite), and containment measures with manual override attempts, containment measures with it expert intervention, and remediation measures with restoration of navigation systems..
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on CMA CGM by Ragnar Locker Gang
Description: In September 2020, the French shipping company CMA CGM was targeted by the Ragnar Locker ransomware gang. The attackers stole personal client data and demanded a ransom for a decryption key. The company disabled its internet connection to contain the attack, disrupting online booking services while keeping marine and port operations functional. The attack aimed at financial gain, though the exact ransom amount was not disclosed.
Date Detected: 2020-09-25
Date Publicly Disclosed: 2020-09-27
Type: ransomware
Threat Actor: Ragnar Locker Gang
Motivation: financial gain
Title: CMA CGM Ransomware Attack (September 2021)
Description: In September 2021, France-based CMA CGM experienced a cyber-attack on their network involving hacking and ransomware. The hackers used Ragnar Locker ransomware to steal and encrypt customer data. The company shut down internet access to prevent further spread, disrupting online booking services, operational requests, and partially impacting ports and vessels. After refusing to pay the ransom, all stolen data was leaked.
Date Detected: 2021-09
Type: cyber-attack
Attack Vector: ransomware (Ragnar Locker)
Motivation: financial gaindata theft
Title: Cyber Attack on Container Vessel by African Pirates (2017)
Description: In February 2017, a container vessel en route from Cyprus to Djibouti was targeted by a hacking attack carried out by African pirates. The attackers aimed to gain full control of the vessel's Navigation Systems to redirect the ship to an area where they could physically seize it. The hack rendered the ship unable to maneuver, and the attackers maintained control for 10 hours. The crew attempted to regain control but required onboard IT experts to restore the Navigation Systems after hours of intervention. The incident compromised the availability and integrity of the vessel's systems under the CIA triad.
Date Detected: February 2017
Date Resolved: February 2017 (within 10 hours of detection)
Type: cyber-physical attack
Attack Vector: remote hackingnavigation system compromise
Threat Actor: African pirates (cyber-enabled)
Motivation: financial gain (piracy)physical seizure of vesselransom
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : ransomware CMA642092025
Data Compromised: Personal data of clients
Systems Affected: online booking servicesoperational request systems
Downtime: partial (online services suspended, local offices used for bookings)
Operational Impact: loading processes hampered, but marine and port activities remained operational
Identity Theft Risk: likely (personal data stolen)
Incident : cyber-attack CMA330092125
Data Compromised: Customer data
Systems Affected: online booking servicesoperational request systemsports (partial)vessels (partial)
Downtime: True
Operational Impact: disruption of booking servicespartial disruption of ports and vesselscustomers redirected to local offices
Incident : cyber-physical attack CMA840092125
Systems Affected: Navigation Systems
Downtime: 10 hours
Operational Impact: loss of vessel maneuverabilitytemporary loss of control to attackersrequirement for emergency IT intervention
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data, , Customer Data and .
Which entities were affected by each incident ?
Incident : ransomware CMA642092025
Entity Name: CMA CGM
Entity Type: corporation
Industry: shipping/logistics
Location: France (global operations)
Size: large
Incident : cyber-attack CMA330092125
Entity Name: CMA CGM
Entity Type: company
Industry: shipping, logistics, maritime
Location: France (global operations)
Customers Affected: True
Incident : cyber-physical attack CMA840092125
Entity Type: container vessel (maritime shipping)
Industry: maritime/logistics
Location: Cyprus (departure)Djibouti (destination)unknown (attack location)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : ransomware CMA642092025
Incident Response Plan Activated: True
Containment Measures: disabled internet connection to prevent ransomware spread
Recovery Measures: directed customers to local offices for bookings and queries
Incident : cyber-attack CMA330092125
Incident Response Plan Activated: True
Containment Measures: shut down internet access to prevent ransomware spread
Communication Strategy: customers directed to local offices for bookings/inquiries
Incident : cyber-physical attack CMA840092125
Incident Response Plan Activated: Yes (crew attempted recovery; IT experts boarded)
Third Party Assistance: It Experts (Onsite).
Containment Measures: manual override attemptsIT expert intervention
Remediation Measures: restoration of Navigation Systems
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (crew attempted recovery; IT experts boarded).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through IT experts (onsite), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : ransomware CMA642092025
Type of Data Compromised: Personal data
Sensitivity of Data: high (personal client data)
Data Encryption: True
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: restoration of Navigation Systems, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by disabled internet connection to prevent ransomware spread, , shut down internet access to prevent ransomware spread, , manual override attempts, it expert intervention and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : ransomware CMA642092025
Ransom Demanded: True
Ransomware Strain: Ragnar Locker
Data Encryption: True
Data Exfiltration: True
Incident : cyber-attack CMA330092125
Ransom Demanded: True
Ransomware Strain: Ragnar Locker
Data Encryption: True
Data Exfiltration: True
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through directed customers to local offices for bookings and queries, .
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Port Technology International TeamDate Accessed: 2021.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : cyber-physical attack CMA840092125
Investigation Status: Resolved (systems restored; no further public details)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customers Directed To Local Offices For Bookings/Inquiries.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : ransomware CMA642092025
Customer Advisories: customers directed to local offices for bookings and queries
Incident : cyber-attack CMA330092125
Customer Advisories: customers advised to contact local offices for bookings/inquiries
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customers Directed To Local Offices For Bookings And Queries, , Customers Advised To Contact Local Offices For Bookings/Inquiries and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : cyber-physical attack CMA840092125
High Value Targets: Navigation Systems,
Data Sold on Dark Web: Navigation Systems,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : cyber-physical attack CMA840092125
Root Causes: Vulnerabilities In Navigation Systems, Lack Of Cyber-Physical Security Measures,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as It Experts (Onsite), .
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was True.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Ragnar Locker Gang and African pirates (cyber-enabled).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2020-09-25.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2020-09-27.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on February 2017 (within 10 hours of detection).
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were personal data of clients, , customer data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was online booking servicesoperational request systems and online booking servicesoperational request systemsports (partial)vessels (partial) and Navigation Systems.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was it experts (onsite), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were disabled internet connection to prevent ransomware spread, shut down internet access to prevent ransomware spread and manual override attemptsIT expert intervention.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were customer data and personal data of clients.
Ransomware Information
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Port Technology International Team.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (systems restored; no further public details).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an customers directed to local offices for bookings and queries and customers advised to contact local offices for bookings/inquiries.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cma-cgm' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
