Coldwell Banker
Company Details
Linkedin ID:
coldwell-banker
Website:
Employees number:
42,805
Number of followers:
236,644
NAICS:
None
Industry Type:
Homepage:
coldwellbanker.com
IP Addresses:
0
Company ID:
COL_2728189
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Coldwell Banker Vendor Cyber Rating & Cyber Score
coldwellbanker.comWelcome to Coldwell Banker Real Estate LLC, a company founded in 1906 on a commitment to professionalism and customer service which remains the cornerstone of our business philosophy today. We are the nation’s oldest real estate company and our experience has helped make the dream of homeownership a reality for millions of families. Whether you are a first-time buyer or in the process of stepping up to your dream home, coldwellbanker.com is a great place to begin the process. We have made everything available to you 24/7 and only a click away - including information on properties for sale and access to the most professional sales agents in the business. Coldwell Banker affiliated real estate agents are the reason clients continue to work with us, transaction after transaction. Their knowledge and experience can guide you through the real estate process and help you with all of the details before, during and after the sale. Coldwell Banker is an Anywhere (NYSE: HOUS) brand.
Coldwell Banker A.I CyberSecurity Scoring
Coldwell Banker Risk Score (AI oriented)Between 700 and 749
Coldwell Banker
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Coldwell Banker Global Score (TPRM)XXXX
Coldwell Banker
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Coldwell Banker Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
Ivanti
Oracle
SalesforceSubstack: Substack data breach exposed users’ emails and phone numbers
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Substack Discloses 2025 Data Breach Exposing User Email Addresses and Phone Numbers Substack has notified select users that their email addresses and phone numbers were exposed in a security incident last October. In an email sent to affected account holders, CEO Chris Best confirmed that an unauthorized third party accessed internal data on February 3, 2025, though passwords, credit card details, and financial information remained secure. The breach involved email addresses, phone numbers, and internal metadata, but Substack stated there is no evidence the data has been misused. The company has since patched the vulnerability and is conducting a full investigation while strengthening its security measures to prevent future incidents. No details were provided on the root cause of the breach or the total number of impacted users. Best apologized for the incident, acknowledging the company’s failure to adequately protect user data. Substack has not yet responded to requests for further clarification on the scope of the breach.
Anywhere Real Estate and Sotheby’s International Realty: Property records tech draws fresh VC interest; Anywhere data breach affects 17,000
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Anywhere Real Estate Hit by Clop Ransomware Attack, Exposing 17,429 Customers In August, Anywhere Real Estate disclosed a data breach affecting 17,429 customers, following an attack by the Clop ransomware gang. The cybercriminals infiltrated the company’s Oracle E-Business Suite environment, accessing and potentially exfiltrating sensitive customer data. A breach notification filed with the Maine Attorney General’s Office confirmed the incident, though details on the exact nature of the compromised information remain limited. Clop, a well-known ransomware and extortion group, has been linked to multiple high-profile attacks, often targeting vulnerabilities in enterprise software. The breach at Anywhere Real Estate parent company of brands like Coldwell Banker, Century 21, and Sotheby’s International Realty highlights the growing threat to real estate and mortgage sectors, where vast amounts of personal and financial data are stored. The company has since notified impacted individuals, but the full scope of the breach’s consequences including potential identity theft or fraud remains unclear. This incident follows a broader trend of cyberattacks on real estate firms, underscoring the industry’s vulnerability to sophisticated ransomware operations.
Grubhub: Ex-Grubhub Worker Alleges Food App Negligently Allowed Data Hack
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Grubhub Faces Class Action Lawsuit Over January 2025 Data Breach A former Grubhub employee has filed a class action lawsuit against the food delivery platform, alleging the company failed to implement adequate security measures to protect sensitive personal and financial data. The complaint, filed on February 5, 2025, in the U.S. District Court for the Northern District of Illinois, claims cybercriminals accessed the information of tens of thousands of customers and employees in a January 2025 breach. The exposed data reportedly included Social Security numbers, addresses, and financial details. Grubhub notified affected individuals on February 3, 2025, acknowledging the incident. The lawsuit, led by plaintiff Brian Bianchi, accuses Grubhub of negligence in safeguarding user data, potentially leaving victims vulnerable to identity theft and fraud. The case highlights growing scrutiny over corporate cybersecurity practices and the legal consequences of failing to protect consumer information. No further details on the breach’s scope or the attackers’ methods have been disclosed.
Coldwell Banker Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Coldwell Banker
Incidents vs Real Estate Industry Average (This Year)
No incidents recorded for Coldwell Banker in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Coldwell Banker in 2026.
Incident Types Coldwell Banker vs Real Estate Industry Avg (This Year)
No incidents recorded for Coldwell Banker in 2026.
Incident History — Coldwell Banker (X = Date, Y = Severity)
Coldwell Banker cyber incidents detection timeline including parent company and subsidiaries
Coldwell Banker Company Subsidiaries
Welcome to Coldwell Banker Real Estate LLC, a company founded in 1906 on a commitment to professionalism and customer service which remains the cornerstone of our business philosophy today. We are the nation’s oldest real estate company and our experience has helped make the dream of homeownership a reality for millions of families. Whether you are a first-time buyer or in the process of stepping up to your dream home, coldwellbanker.com is a great place to begin the process. We have made everything available to you 24/7 and only a click away - including information on properties for sale and access to the most professional sales agents in the business. Coldwell Banker affiliated real estate agents are the reason clients continue to work with us, transaction after transaction. Their knowledge and experience can guide you through the real estate process and help you with all of the details before, during and after the sale. Coldwell Banker is an Anywhere (NYSE: HOUS) brand.
Loading...
Coldwell Banker Similar Companies
Emaar
WHO WE ARE Emaar is a pioneer of master-planned communities in Dubai since its inception in 1997. It is listed on the Dubai Financial Market as a public joint-stock company. Building upon the legacy of our flagship Downtown Dubai creations — the iconic Burj Khalifa, Dubai Mall, and Dubai Fountain —
Anywhere Real Estate Inc.
Anywhere Real Estate Inc. (NYSE: HOUS) is moving the real estate industry to what's next. A leader of integrated residential real estate services, Anywhere includes franchise, brokerage, relocation, and title and settlement businesses, as well as mortgage and title insurance underwriter joint ventur
Compass is a real estate technology company with a powerful end-to-end platform that supports the entire buying and selling workflow. We deliver an incomparable experience to both agents and their clients all in service of the Compass mission: to help everyone find their place in the world. Founded
MEB Management Services (Morrison, Ekre & Bart Management Services)
MEB’S ability to create value for both clients and residents has been the cornerstone of our success. Scott, Libby, Mark, and Jodi have been active in the real estate management industry and have over 125 years of combined experience. With their breadth and depth of knowledge, MEB is the “go-to” co
Coldwell Banker Realty
Coldwell Banker Realty is one of the nation’s largest real estate brokerages operating in 50 markets in the United States. Powered by a network of approximately 55,000 independent real estate agents and 600 offices, Coldwell Banker Realty, a subsidiary of Anywhere Real Estate Inc. (NYSE:HOUS), opera
Colliers
We are a global diversified professional services and investment management company operating through three industry-leading businesses: Commercial Real Estate, Engineering, and Investment Management. With greater than a 30-year track record of consistent growth and strong recurring cash flows, we s
Lendlease
Lendlease is Australia’s leading real estate business with an international investments platform. We’re city shapers, asset creators and trusted partners. Our deep property experience and bold thinking delivers innovative real estate and investment solutions. Very few organisations can build cit
Greystar
Founded in 1993, Greystar provides world-class service in the residential rental housing industry. Our innovative vertically integrated business model integrates the management, development and investment disciplines of the rental housing industry on international, regional and local levels. This un
CoStar Group
CoStar Group (NASDAQ: CSGP) is a global leader in commercial real estate information, analytics, online marketplaces, and 3D digital twin technology. Founded in 1986, CoStar Group is dedicated to digitizing the world’s real estate, empowering all people to discover properties, insights, and connecti
.png)
Coldwell Banker CyberSecurity News
December 25, 2025 08:00 AM
Grossmont Launches Applied AI Degree
EL CAJON – AI is taking the world by storm – and Grossmont-Cuyamaca Community College District (GCCCD) has noticed.
September 11, 2025 07:00 AM
Cybersecurity risks rise with smart home devices
COLUMBUS, Ohio — As more Ohio families add smart technology such as video doorbells and Wi-Fi thermostats to their homes, cybersecurity...
December 15, 2023 08:00 AM
The Ten: Cyberattacks exposed real estate's vulnerabilities — and strengths
In a year when the real estate industry felt under attack from all sides, hackers decided to pile on, disrupting closings, listings and mortgages.
July 17, 2023 07:00 AM
Orlando Ranks No. 9 for Fastest-growing Tech Hubs Nationally
Located in Orlando's thriving tech industry, UCF helps produce top-talent and innovative developments that drive this sector.
April 11, 2023 07:00 AM
McLain broker AJ Smith wins Coldwell Banker Pathfinder award
Andreas (A.J.) Smith, senior advisor of Appraisal Services and a local broker with Coldwell Banker's McLain Commercial Real Estate was...
November 09, 2022 08:00 AM
The Power Behind UCF’s Tech Talent Machine
UCF is one of the few universities in the nation offering undergraduate degrees and graduate programs and certificates in cybersecurity, augmented reality,...
December 21, 2013 08:00 AM
People on the Move
Avison Young/Western Alliance Commercial's Bram Buckley, associate; John Pinjuv, SIOR; and Reed Simmons, CCIM, a...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Coldwell Banker CyberSecurity History Information
Official Website of Coldwell Banker
The official website of Coldwell Banker is http://coldwellbanker.com.
Coldwell Banker’s AI-Generated Cybersecurity Score
According to Rankiteo, Coldwell Banker’s AI-generated cybersecurity score is 749, reflecting their Moderate security posture.
How many security badges does Coldwell Banker’ have ?
According to Rankiteo, Coldwell Banker currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Coldwell Banker been affected by any supply chain cyber incidents ?
According to Rankiteo, Coldwell Banker has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are:
- Ivanti (Incident ID: SUB1770295740)
- Oracle (Incident ID: ANYSOT1770810849)
- Salesforce (Incident ID: GRU1769118538)
Does Coldwell Banker have SOC 2 Type 1 certification ?
According to Rankiteo, Coldwell Banker is not certified under SOC 2 Type 1.
Does Coldwell Banker have SOC 2 Type 2 certification ?
According to Rankiteo, Coldwell Banker does not hold a SOC 2 Type 2 certification.
Does Coldwell Banker comply with GDPR ?
According to Rankiteo, Coldwell Banker is not listed as GDPR compliant.
Does Coldwell Banker have PCI DSS certification ?
According to Rankiteo, Coldwell Banker does not currently maintain PCI DSS compliance.
Does Coldwell Banker comply with HIPAA ?
According to Rankiteo, Coldwell Banker is not compliant with HIPAA regulations.
Does Coldwell Banker have ISO 27001 certification ?
According to Rankiteo,Coldwell Banker is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Coldwell Banker
Coldwell Banker operates primarily in the Real Estate industry.
Number of Employees at Coldwell Banker
Coldwell Banker employs approximately 42,805 people worldwide.
Subsidiaries Owned by Coldwell Banker
Coldwell Banker presently has no subsidiaries across any sectors.
Coldwell Banker’s LinkedIn Followers
Coldwell Banker’s official LinkedIn profile has approximately 236,644 followers.
NAICS Classification of Coldwell Banker
Coldwell Banker is classified under the NAICS code None, which corresponds to Others.
Coldwell Banker’s Presence on Crunchbase
Yes, Coldwell Banker has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/coldwell-banker.
Coldwell Banker’s Presence on LinkedIn
Yes, Coldwell Banker maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/coldwell-banker.
Cybersecurity Incidents Involving Coldwell Banker
As of April 02, 2026, Rankiteo reports that Coldwell Banker has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Coldwell Banker has an estimated 29,970 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Coldwell Banker ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.
How does Coldwell Banker detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notified affected individuals on february 3, 2025, and containment measures with patched the vulnerability, and remediation measures with strengthening security measures, and communication strategy with email notification to affected users, and communication strategy with notified impacted individuals via breach notification..
Incident Details
Can you provide details on each incident ?
Title: Grubhub Faces Class Action Lawsuit Over January 2025 Data Breach
Description: A former Grubhub employee has filed a class action lawsuit against the food delivery platform, alleging the company failed to implement adequate security measures to protect sensitive personal and financial data. The complaint claims cybercriminals accessed the information of tens of thousands of customers and employees in a January 2025 breach. The exposed data reportedly included Social Security numbers, addresses, and financial details.
Date Detected: 2025-01
Date Publicly Disclosed: 2025-02-03
Type: Data Breach
Threat Actor: Cybercriminals
Title: Substack 2025 Data Breach Exposing User Email Addresses and Phone Numbers
Description: Substack has notified select users that their email addresses and phone numbers were exposed in a security incident last October. An unauthorized third party accessed internal data on February 3, 2025, though passwords, credit card details, and financial information remained secure. The breach involved email addresses, phone numbers, and internal metadata, but there is no evidence the data has been misused.
Date Detected: 2025-02-03
Type: Data Breach
Threat Actor: Unauthorized third party
Title: Anywhere Real Estate Hit by Clop Ransomware Attack, Exposing 17,429 Customers
Description: In August, Anywhere Real Estate disclosed a data breach affecting 17,429 customers, following an attack by the Clop ransomware gang. The cybercriminals infiltrated the company’s Oracle E-Business Suite environment, accessing and potentially exfiltrating sensitive customer data. A breach notification filed with the Maine Attorney General’s Office confirmed the incident, though details on the exact nature of the compromised information remain limited.
Date Publicly Disclosed: 2023-08
Type: Ransomware
Attack Vector: Vulnerability in enterprise software
Vulnerability Exploited: Oracle E-Business Suite
Threat Actor: Clop ransomware gang
Motivation: Extortion
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach GRU1769118538
Data Compromised: Social Security numbers, addresses, financial details
Brand Reputation Impact: Potential reputational damage due to negligence allegations
Legal Liabilities: Class action lawsuit filed
Identity Theft Risk: High
Payment Information Risk: High
Incident : Data Breach SUB1770295740
Data Compromised: Email addresses, phone numbers, internal metadata
Brand Reputation Impact: Acknowledged failure to protect user data
Payment Information Risk: None (credit card details and financial information remained secure)
Incident : Ransomware ANYSOT1770810849
Data Compromised: Sensitive customer data
Systems Affected: Oracle E-Business Suite
Identity Theft Risk: Potential
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal and financial data, Email addresses, phone numbers, internal metadata and Sensitive customer data.
Which entities were affected by each incident ?
Incident : Data Breach GRU1769118538
Entity Name: Grubhub
Entity Type: Company
Industry: Food Delivery
Location: United States
Customers Affected: Tens of thousands
Incident : Data Breach SUB1770295740
Entity Name: Substack
Entity Type: Company
Industry: Publishing/Technology
Incident : Ransomware ANYSOT1770810849
Entity Name: Anywhere Real Estate
Entity Type: Corporation
Industry: Real Estate
Customers Affected: 17,429
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach GRU1769118538
Communication Strategy: Notified affected individuals on February 3, 2025
Incident : Data Breach SUB1770295740
Containment Measures: Patched the vulnerability
Remediation Measures: Strengthening security measures
Communication Strategy: Email notification to affected users
Incident : Ransomware ANYSOT1770810849
Communication Strategy: Notified impacted individuals via breach notification
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach GRU1769118538
Type of Data Compromised: Personal and financial data
Number of Records Exposed: Tens of thousands
Sensitivity of Data: High (Social Security numbers, financial details)
Personally Identifiable Information: Social Security numbers, addresses
Incident : Data Breach SUB1770295740
Type of Data Compromised: Email addresses, phone numbers, internal metadata
Sensitivity of Data: Moderate (PII but no financial data)
Personally Identifiable Information: Email addresses, phone numbers
Incident : Ransomware ANYSOT1770810849
Type of Data Compromised: Sensitive customer data
Number of Records Exposed: 17,429
Sensitivity of Data: High
Data Exfiltration: Potential
Personally Identifiable Information: Potential
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Strengthening security measures.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by patched the vulnerability.
Ransomware Information
Was ransomware involved in any of the incidents ?
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach GRU1769118538
Legal Actions: Class action lawsuit filed
Incident : Ransomware ANYSOT1770810849
Regulatory Notifications: Maine Attorney General’s Office
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit filed.
References
Where can I find more information about each incident ?
Incident : Data Breach SUB1770295740
Source: Substack Notification Email
Incident : Ransomware ANYSOT1770810849
Source: Maine Attorney General’s Office
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Class action lawsuit filingDate Accessed: 2025-02-05, and Source: Substack Notification Email, and Source: Maine Attorney General’s Office.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach GRU1769118538
Investigation Status: Ongoing
Incident : Data Breach SUB1770295740
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified affected individuals on February 3, 2025, Email notification to affected users and Notified impacted individuals via breach notification.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach GRU1769118538
Customer Advisories: Notified affected individuals on February 3, 2025
Incident : Data Breach SUB1770295740
Customer Advisories: Email notification sent to affected users
Incident : Ransomware ANYSOT1770810849
Customer Advisories: Notified impacted individuals
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Notified affected individuals on February 3, 2025, Email notification sent to affected users and Notified impacted individuals.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach GRU1769118538
Root Causes: Alleged failure to implement adequate security measures
Incident : Data Breach SUB1770295740
Corrective Actions: Strengthening security measures
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Strengthening security measures.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Cybercriminals, Unauthorized third party and Clop ransomware gang.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-08.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security numbers, addresses, financial details, Email addresses, phone numbers, internal metadata and Sensitive customer data.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Patched the vulnerability.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, addresses, financial details, Email addresses, phone numbers, internal metadata and Sensitive customer data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 17.4K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit filed.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Maine Attorney General’s Office, Class action lawsuit filing and Substack Notification Email.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Notified affected individuals on February 3, 2025, Email notification sent to affected users and Notified impacted individuals.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=coldwell-banker' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
