General Mills
Company Details
Linkedin ID:
general-mills
Website:
Employees number:
24,800
Number of followers:
776,292
NAICS:
30
Industry Type:
Homepage:
generalmills.com
IP Addresses:
77
Company ID:
GEN_9070107
Scan Status:
Completed
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
General Mills Vendor Cyber Rating & Cyber Score
generalmills.comWe exist to make food the world loves. But we do more than that. General Mills is a place that prioritizes being a force for good, a place to expand learning, explore new perspectives and reimagine new possibilities, every day. We look for people who want to bring their best—bold thinkers with big hearts who challenge one other and grow together. Because becoming the undisputed leader in food means surrounding ourselves with people who are hungry for what’s next.
General Mills A.I CyberSecurity Scoring
General Mills Risk Score (AI oriented)Between 700 and 749
General Mills
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
General Mills Global Score (TPRM)XXXX
General Mills
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
General Mills Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Insight Hospital and Medical Center and General Motors: Project Compass: first operational results against The Com network
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Project Compass Disrupts "The Com" Extremist Network in First Year of Operation In its inaugural year, Project Compass a multinational initiative has achieved significant operational results against "The Com", a decentralized extremist network targeting minors and vulnerable individuals both online and offline. The project, which facilitates coordinated investigations, rapid threat response, and structured information sharing among 28 countries, has led to the identification of 179 perpetrators and 62 victims since January 2025. Among its key outcomes, Project Compass has supported nine joint awareness-raising activities, reinforcing cross-border collaboration in countering digital extremism. The effort underscores the growing role of international partnerships in addressing transnational cyber threats. Separately, a recent legal ruling by the Tenth Circuit Court determined that the Fourth Amendment does not justify broad searches of protesters’ digital devices, setting a precedent for digital privacy protections. Meanwhile, a convicted online predator pleaded guilty to hacking social media accounts and extorting hundreds of teens and young adults, highlighting the persistent risks of digital exploitation. In other developments, Israel reportedly launched the largest cyberattack in history against Iran, causing widespread disruptions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also released new guidance on establishing multi-disciplinary insider threat management teams, while hacktivists claimed to have breached the Department of Homeland Security (DHS), leaking ICE contract data. Additional incidents include a South Korean police error that resulted in the loss of seized cryptocurrency after posting a password online, and a Connecticut Senate bill proposing stricter data breach response requirements. Meanwhile, Iowa accused General Motors of failing to disclose OnStar data-sharing practices, and Insight Hospital and Medical Center suffered a data leak exposing sensitive information on the dark web.
General Mills, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Washington State Office of the Attorney General reported a data breach involving General Mills, Inc. on January 12, 2023. The breach, which occurred between November 18 and December 31, 2022, compromised the names and full dates of birth of approximately 18,268 users. This incident highlights the vulnerability of personal information and the importance of robust cybersecurity measures to protect sensitive data.
General Mills Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for General Mills
Incidents vs Manufacturing Industry Average (This Year)
No incidents recorded for General Mills in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for General Mills in 2026.
Incident Types General Mills vs Manufacturing Industry Avg (This Year)
No incidents recorded for General Mills in 2026.
Incident History — General Mills (X = Date, Y = Severity)
General Mills cyber incidents detection timeline including parent company and subsidiaries
General Mills Company Subsidiaries
We exist to make food the world loves. But we do more than that. General Mills is a place that prioritizes being a force for good, a place to expand learning, explore new perspectives and reimagine new possibilities, every day. We look for people who want to bring their best—bold thinkers with big hearts who challenge one other and grow together. Because becoming the undisputed leader in food means surrounding ourselves with people who are hungry for what’s next.
Loading...
General Mills Similar Companies
About Working with Future Group gives you an opportunity to be part of a family with a unique culture and beliefs. Drawing from the vision of modern Indian retail, we have built a company that our people are proud of and our customers and communities value. Mission We share the vision and b
Amway
Amway is a business owner-led health and wellbeing company based in Ada, Michigan, USA. It is committed to helping people live better, healthier lives across more than 100 markets and territories worldwide. Top-selling brands for Amway are Nutrilite™, Artistry™, and XS™ —all sold exclusively by entr
Prysmian
Prysmian is a global cabling solutions provider leading the energy transition and digital transformation. By leveraging its wide geographical footprint and extensive product range, its track record of technological leadership and innovation, and a strong customer base, the company is well-placed to
AB InBev
As a company, we dream big to create a future with more cheers. We are always looking to serve up new ways to meet life’s moments, move our industry forward and make a meaningful impact in the world. We are committed to building great brands that stand the test of time and to brewing the best beers
Vedanta Group
We operate on the belief that our people are our core assets and we consistently endeavour towards developing their potential to be our future leaders and key employees. We currently operate in India, South Africa, Liberia and Namibia, through our various subsidiaries. We seek to attract talent espe
the LEGO Group
We are the LEGO Group, the company behind the world’s most loved LEGO® bricks. Our brand name derived from the two Danish words Leg Godt, which mean “Play Well”. We’ve been sparking imaginations and inspiring the builders of tomorrow since 1932. This is our mission and what motivates our colleague
DuPont
Beware of recruitment scams! Please read important information for job seekers: https://www.dupont.com/careers/hiring-faqs.html We’re creating advanced solutions that help transform industries and improve everyday life across our key markets of healthcare, water, construction and transformation. At
Procter & Gamble
P&G was founded more than 185 years ago as a soap and candle company. Today, we’re one of the world’s largest consumer goods companies and home to iconic, trusted brands, including Always®, Charmin®, Braun®, Fairy®, Febreze®, Gillette®, Head & Shoulders®, Oral B®, Pantene®, Pampers®, Tide®, and Vick
RPG Group
RPG Group, established in 1979 and headquartered in Mumbai, is one of India's fastest growing diversified business group with a turnover in excess of US$5.2 billion. The Group has a presence in the core sectors of the economy - Infrastructure (KEC International), Mobility (CEAT), Information Technol
.png)
General Mills CyberSecurity News
February 05, 2026 08:00 AM
Super Bowl stadium will showcase next-gen digital signage, cybersecurity
The world's largest outdoor 4K video boards, interconnected LED screens and ribbon boards will provide an immersive game day experience,...
November 20, 2025 08:00 AM
The Cyber Threats Hiding in the Food Supply Chain
The food and beverage industry runs on complex supply chains where every system depends on the other. And with digital tools now handling...
September 25, 2025 07:00 AM
Meet Nadia: Valence's AI coach for leadership development and workplace collaboration
Bessemer Venture Partners leads Valence's $50M Series B to make AI coaching accessible across the Fortune 1000.
August 19, 2025 07:00 AM
Cybersecurity News: Workday breach, post-quantum alliance, Chinese group targets Taiwan
Over the weekend, the human resources technology giant confirmed that threat actors accessed a third-party customer relationship database,...
June 25, 2025 07:00 AM
Jim Cramer lists five market sectors he thinks are working right now and five that are not
CNBC's Jim Cramer on Wednesday picked out five sectors that he thinks are performing well in the current economic environment, and he gave...
June 17, 2025 07:00 AM
General Mills to remove certified colors from foods
General Mills is shifting away from using certified colors in all foods, starting with what's being served in K-12 schools.
March 20, 2025 07:00 AM
Cybersecurity jobs available right now in the USA: March 20, 2025
Here are the cybersecurity job openings in the USA as of March 20, 2025, including on-site, hybrid, and remote roles.
February 04, 2025 08:00 AM
Kept in the Dark: Meet the Hired Guns Who Ensure School Cyberattacks Stay Hidden
An in-depth analysis chronicling more than 300 school cyberattacks over the past five years reveals the degree to which school leaders in virtually every state...
January 23, 2025 08:00 AM
We're seeing tremendous value in supply chain digitisation: General Mills India digital & tech head
General Mills India, a division of US-based General Mills Inc., known for popular food brands, including Pillsbury, Betty Crocker,...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
General Mills CyberSecurity History Information
Official Website of General Mills
The official website of General Mills is http://www.generalmills.com.
General Mills’s AI-Generated Cybersecurity Score
According to Rankiteo, General Mills’s AI-generated cybersecurity score is 737, reflecting their Moderate security posture.
How many security badges does General Mills’ have ?
According to Rankiteo, General Mills currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has General Mills been affected by any supply chain cyber incidents ?
According to Rankiteo, General Mills has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does General Mills have SOC 2 Type 1 certification ?
According to Rankiteo, General Mills is not certified under SOC 2 Type 1.
Does General Mills have SOC 2 Type 2 certification ?
According to Rankiteo, General Mills does not hold a SOC 2 Type 2 certification.
Does General Mills comply with GDPR ?
According to Rankiteo, General Mills is not listed as GDPR compliant.
Does General Mills have PCI DSS certification ?
According to Rankiteo, General Mills does not currently maintain PCI DSS compliance.
Does General Mills comply with HIPAA ?
According to Rankiteo, General Mills is not compliant with HIPAA regulations.
Does General Mills have ISO 27001 certification ?
According to Rankiteo,General Mills is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of General Mills
General Mills operates primarily in the Manufacturing industry.
Number of Employees at General Mills
General Mills employs approximately 24,800 people worldwide.
Subsidiaries Owned by General Mills
General Mills presently has no subsidiaries across any sectors.
General Mills’s LinkedIn Followers
General Mills’s official LinkedIn profile has approximately 776,292 followers.
NAICS Classification of General Mills
General Mills is classified under the NAICS code 30, which corresponds to Manufacturing.
General Mills’s Presence on Crunchbase
No, General Mills does not have a profile on Crunchbase.
General Mills’s Presence on LinkedIn
Yes, General Mills maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/general-mills.
Cybersecurity Incidents Involving General Mills
As of April 03, 2026, Rankiteo reports that General Mills has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
General Mills has an estimated 8,082 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at General Mills ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does General Mills detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with project compass (multinational initiative), and containment measures with identification of 179 perpetrators, disruption of network operations, and communication strategy with joint awareness-raising activities (9)..
Incident Details
Can you provide details on each incident ?
Title: Data Breach at General Mills, Inc.
Description: The Washington State Office of the Attorney General reported a data breach involving General Mills, Inc. on January 12, 2023. The breach, which occurred between November 18 and December 31, 2022, compromised the names and full dates of birth of approximately 18,268 users.
Date Detected: 2023-01-12
Date Publicly Disclosed: 2023-01-12
Type: Data Breach
Title: Project Compass Disrupts 'The Com' Extremist Network
Description: Project Compass, a multinational initiative, disrupted 'The Com', a decentralized extremist network targeting minors and vulnerable individuals online and offline. The project identified 179 perpetrators and 62 victims, supported joint awareness-raising activities, and reinforced cross-border collaboration in countering digital extremism.
Date Detected: 2025-01-01
Type: Cyber Extremism
Attack Vector: Social EngineeringAccount Hacking
Threat Actor: The Com (Decentralized Extremist Network)
Motivation: Ideological ExtremismExploitation of Minors
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach GEN149072825
Data Compromised: Names, Full dates of birth
Incident : Cyber Extremism GENPRO1772485033
Operational Impact: Disruption of extremist network operations
Identity Theft Risk: High (for victims)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Full Dates Of Birth, , Sensitive Information, Personally Identifiable Information and .
Which entities were affected by each incident ?
Incident : Data Breach GEN149072825
Entity Name: General Mills, Inc.
Entity Type: Corporation
Industry: Food and Beverage
Customers Affected: 18268
Incident : Cyber Extremism GENPRO1772485033
Entity Name: The Com
Entity Type: Extremist Network
Industry: Cyber Extremism
Location: Global (28 countries)
Customers Affected: 62 victims (minors and vulnerable individuals)
Incident : Cyber Extremism GENPRO1772485033
Entity Name: Online Predator (Unnamed)
Entity Type: Individual
Location: United States
Customers Affected: Hundreds of teens and young adults
Incident : Cyber Extremism GENPRO1772485033
Entity Name: Insight Hospital and Medical Center
Entity Type: Healthcare Provider
Industry: Healthcare
Location: United States
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyber Extremism GENPRO1772485033
Third Party Assistance: Project Compass (Multinational Initiative)
Containment Measures: Identification of 179 perpetrators, disruption of network operations
Communication Strategy: Joint awareness-raising activities (9)
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Project Compass (Multinational Initiative).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach GEN149072825
Type of Data Compromised: Names, Full dates of birth
Number of Records Exposed: 18268
Incident : Cyber Extremism GENPRO1772485033
Type of Data Compromised: Sensitive information, Personally identifiable information
Sensitivity of Data: High
Data Exfiltration: Leaked on dark web (Insight Hospital and Medical Center)
Personally Identifiable Information: Yes
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by identification of 179 perpetrators and disruption of network operations.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Cyber Extremism GENPRO1772485033
Legal Actions: Tenth Circuit Court ruling on Fourth Amendment and digital device searches, Connecticut Senate bill proposing stricter data breach response requirements,
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Tenth Circuit Court ruling on Fourth Amendment and digital device searches, Connecticut Senate bill proposing stricter data breach response requirements, .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Cyber Extremism GENPRO1772485033
Lessons Learned: Importance of international partnerships in countering transnational cyber threats and digital extremism.
What recommendations were made to prevent future incidents ?
Incident : Cyber Extremism GENPRO1772485033
Recommendations: Enhance cross-border collaboration in cyber threat investigations, Implement stricter data privacy protections for minors, Adopt multi-disciplinary insider threat management teams (CISA guidance)Enhance cross-border collaboration in cyber threat investigations, Implement stricter data privacy protections for minors, Adopt multi-disciplinary insider threat management teams (CISA guidance)Enhance cross-border collaboration in cyber threat investigations, Implement stricter data privacy protections for minors, Adopt multi-disciplinary insider threat management teams (CISA guidance)
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Importance of international partnerships in countering transnational cyber threats and digital extremism.
References
Where can I find more information about each incident ?
Incident : Data Breach GEN149072825
Source: Washington State Office of the Attorney General
Date Accessed: 2023-01-12
Incident : Cyber Extremism GENPRO1772485033
Source: Project Compass
Incident : Cyber Extremism GENPRO1772485033
Source: Tenth Circuit Court Ruling
Incident : Cyber Extremism GENPRO1772485033
Source: CISA Guidance on Insider Threat Management
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2023-01-12, and Source: Project Compass, and Source: Tenth Circuit Court Ruling, and Source: CISA Guidance on Insider Threat Management.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Cyber Extremism GENPRO1772485033
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Joint awareness-raising activities (9).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Cyber Extremism GENPRO1772485033
Stakeholder Advisories: Cross-border collaboration and awareness-raising activities
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Cross-border collaboration and awareness-raising activities.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Cyber Extremism GENPRO1772485033
High Value Targets: Minors and vulnerable individuals
Data Sold on Dark Web: Minors and vulnerable individuals
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Cyber Extremism GENPRO1772485033
Root Causes: Decentralized Extremist Networks Exploiting Digital Platforms, Lack Of Stringent Data Privacy Protections For Minors,
Corrective Actions: Strengthening International Cyber Threat Response Frameworks, Enhancing Digital Privacy Laws,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Project Compass (Multinational Initiative).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Strengthening International Cyber Threat Response Frameworks, Enhancing Digital Privacy Laws, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an The Com (Decentralized Extremist Network).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-01-12.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-01-12.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, full dates of birth and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Project Compass (Multinational Initiative).
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Identification of 179 perpetrators and disruption of network operations.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were names and full dates of birth.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 250.0.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Tenth Circuit Court ruling on Fourth Amendment and digital device searches, Connecticut Senate bill proposing stricter data breach response requirements, .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Importance of international partnerships in countering transnational cyber threats and digital extremism.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement stricter data privacy protections for minors, Adopt multi-disciplinary insider threat management teams (CISA guidance) and Enhance cross-border collaboration in cyber threat investigations.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Washington State Office of the Attorney General, CISA Guidance on Insider Threat Management, Project Compass and Tenth Circuit Court Ruling.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Cross-border collaboration and awareness-raising activities, .
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=general-mills' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
