
J.P. Morgan is a leader in financial services, offering solutions to clients in more than 100 countries with one of the most comprehensive global product platforms available. We have been helping our clients to do business and manage their wealth for more than 200 years. Our business has been built upon our core principle of putting our clients' interests first. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a global financial services firm. Social Media Terms and Conditions: https://bit.ly/JPMCSocialTerms © 2017 JPMorgan Chase & Co. JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.

J.P. Morgan A.I CyberSecurity Scoring

J.P. Morgan

Company Details

LinkedIn ID: jpmorgan

Employees number: 82,484

Number of followers: 5,796,290

NAICS: 52

Industry Type: Financial Services

Homepage: jpmorgan.com

IP Addresses: 0

Company ID: J.P_1929778

Scan Status: In-progress

J.P. Morgan Risk Score (AI oriented): Between 800 and 849

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium
J.P. Morgan Global Score (TPRM): XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

J.P. Morgan Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 2
Nylas, Outpost24, Cisco and JP Morgan: Security Firm Executive Targeted in Sophisticated Phishing Attack
Cyber Attack
Severity: 25
Impact: 1
Seen: 3/2026
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack without any consequences

Description: Sophisticated Phishing Attack Targets Outpost24 C-Level Executive Using Kratos Kit. A high-profile phishing attack targeted a C-level executive at Outpost24, a Swedish exposure management and identity security firm, leveraging the recently identified Kratos phishing-as-a-service (PhaaS) kit. The attack, analyzed by Outpost24’s subsidiary Specops Software, employed a seven-step chain of redirects through trusted services to evade detection and trick the victim. The phishing email, disguised as a legitimate message from JP Morgan, appeared as part of an existing email thread to enhance credibility. It included two DKIM signatures to bypass DMARC authentication, making it appear trustworthy. The malicious link initially pointed to Cisco’s secure-web.cisco.com, a legitimate domain used for URL rewriting, which passed Cisco’s Secure Email Gateway validation. From there, the attack redirected through Nylas, an email API platform, before funneling the victim to a subdomain of a legitimate Indian development company. The final redirect led to a repurposed domain originally registered in 2017 by a Chinese entity, which had been reacquired on March 12, just days after its TLS certificate expired, suggesting deliberate repurposing for the campaign. The last stage of the attack used Cloudflare-protected infrastructure to conceal the origin server, serving a browser validation check to evade security analysis. The victim was then presented with a convincing Microsoft 365 phishing page, complete with a fake Outlook loading animation and real-time credential validation to ensure stolen logins were functional. While Specops did not attribute the attack to a specific threat actor, the tactics align with those of Iran-linked groups recently targeting U.S. entities. However, similar techniques have been observed across multiple hacking collectives, leaving attribution uncertain. The incident underscores the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.

J.P. Morgan
Breach
Severity: 100
Impact: 5
Seen: 8/2021
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack threatening the organization’s existence

Description: On April 18, 2024, the Vermont Office of the Attorney General disclosed a data breach at J.P. Morgan, stemming from a software vulnerability discovered on February 26, 2024. The incident exposed sensitive personal and financial information of an unspecified number of individuals, including names, addresses, Social Security numbers, and bank account details. The breach posed a severe risk of identity theft, financial fraud, and unauthorized access to customer accounts, given the highly confidential nature of the compromised data. While the exact scale of the breach remains undisclosed, the exposure of such critical information, particularly Social Security numbers and banking details, heightens the potential for long-term reputational damage, regulatory scrutiny, and legal repercussions for the financial institution. The incident underscores vulnerabilities in J.P. Morgan’s digital infrastructure, raising concerns about the adequacy of its cybersecurity measures in safeguarding customer data against exploitation by malicious actors.


Underwriter Stats for J.P. Morgan

Incidents vs Financial Services Industry Average (This Year)

J.P. Morgan has 50.5% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

J.P. Morgan has 13.79% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types J.P. Morgan vs Financial Services Industry Avg (This Year)

J.P. Morgan reported 1 incident this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — J.P. Morgan (X = Date, Y = Severity)

J.P. Morgan cyber incidents detection timeline including parent company and subsidiaries


J.P. Morgan Similar Companies

Prudential Financial

Prudential Financial (NYSE:PRU) was founded on the belief that financial security should be within reach for everyone, and for over 140 years, we have helped our customers reach their potential and tackle life's challenges for now and future generations to come. Today, we are one of the world’s larg

Northern Trust

As a global leader in innovative wealth management, asset servicing and investment solutions, Northern Trust (Nasdaq: NTRS) is proud to guide the world’s most successful individuals, families and institutions by remaining true to our enduring principles of service, expertise and integrity. A global

Old Mutual

Old Mutual Limited is a listed company on the Johannesburg Stock Exchange and has secondary listings on the London, Malawi, Namibia and Zimbabwe stock exchanges. As a Pan-African financial services company, we are focused on Africa, her needs and her people. Together with you, we have educated our

MassMutual

Living mutual has always been at the core of our human existence, and it's the principle that's guided us since our founding in 1851. It's not a concept we invented, but one we champion for the simple reason that people take it for granted today. While the world would have us strive for independenc

S&P Global

S&P Global (NYSE: SPGI) enables businesses, governments, and individuals with trusted data, expertise and technology to make decisions with conviction. We are Advancing Essential Intelligence through world-leading benchmarks, data, and insights that customers need in order to plan confidently, act d

Bloomberg

Bloomberg is a global leader in business and financial information, delivering trusted data, news, and insights that bring transparency and efficiency, and fairness to markets. We help connect influential communities across the global financial ecosystem via reliable technology solutions that enable

KPMG US

KPMG is one of the world’s leading professional services firms and the fastest growing Big Four accounting firm in the United States. With 90+ offices and more than 36,000 employees and partners throughout the US, we’re leading the industry in new and exciting ways. Our size and strength make us muc

Revolut

People deserve more from their money. More visibility, more control, and more freedom. Since 2015, Revolut has been on a mission to deliver just that. Our powerhouse of products help our 65+ million customers get more from their money every day. As we continue our lightning-fast growth,‌ 2 things a

Mahindra Finance

Mahindra & Mahindra Financial Services Limited (Mahindra Finance), part of the Mahindra Group, is one of India's leading non-banking finance companies. Focused on the rural and semi-urban sector, the Company has over 10 million customers and has an AUM of over USD 11 Billion. The company is a lead


J.P. Morgan CyberSecurity News

March 27, 2026 04:01 AM
The high stakes of cybersecurity

As cyber attacks rise in scale and sophistication, investors must assess how prepared companies are to manage cyber risk and build long-term...

March 19, 2026 02:30 AM
‘Trusted Brands Trap’: Phishing Operation Using Cisco and JP Morgan Targets Cybersecurity Firm

Sophisticated 7-stage phishing using Cisco, JP Morgan targets Outpost24 exec. Kratos toolkit evades bots; real payload activates only on...

March 13, 2026 07:00 AM
Cybersecurity imperatives amid Middle East unrest

With escalating geopolitical conflicts, the risk of cyber threats grows, making it crucial to enhance your cybersecurity defenses to protect...

March 10, 2026 07:00 AM
The cybersecurity imperative: Latin America’s challenge and opportunity

Cybersecurity isn't just defense—it's a growth engine reshaping Latin America's digital future.

February 27, 2026 05:00 AM
AI vs. AI: The arms race for security

As artificial intelligence panic fuels exaggerated fears of disruption and sell-offs, cybersecurity and sovereign infrastructure stand to...

February 24, 2026 08:00 AM
CrowdStrike Dived. Why a New AI Tool Crushed Cybersecurity Stocks.

CrowdStrike, Zscaler, Palo Alto Networks, and other cybersecurity stocks fall after Anthropic releases new Claude security tool.

February 13, 2026 08:00 AM
What to know about investing in cybersecurity

Cybersecurity stocks have performed well as high-profile hacks and AI draw attention to the need for strong digital protection.

February 11, 2026 08:00 AM
Surviving the SaaS-pocalypse: JPMorgan’s 3 Top Cyber Stocks Ready to Surge

JPMorgan identified CrowdStrike (CRWD), Palo Alto Networks (PANW) and Zscaler (ZS) as long-term winners amid AI-driven cyber threats.

February 11, 2026 08:00 AM
Surviving the SaaS-pocalypse: JPMorgan’s 3 Top Cyber Stocks Ready to Surge

Anthropic released 11 new plug-ins for its Claude Cowork AI tool at the end of January sparking a massive sell-off in SaaS stocks.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

J.P. Morgan CyberSecurity History Information

Official Website of J.P. Morgan

The official website of J.P. Morgan is http://www.jpmorgan.com.

J.P. Morgan’s AI-Generated Cybersecurity Score

According to Rankiteo, J.P. Morgan’s AI-generated cybersecurity score is 810, reflecting their Good security posture.

How many security badges does J.P. Morgan have ?

According to Rankiteo, J.P. Morgan currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has J.P. Morgan been affected by any supply chain cyber incidents ?

According to Rankiteo, J.P. Morgan has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does J.P. Morgan have SOC 2 Type 1 certification ?

According to Rankiteo, J.P. Morgan is not certified under SOC 2 Type 1.

Does J.P. Morgan have SOC 2 Type 2 certification ?

According to Rankiteo, J.P. Morgan does not hold a SOC 2 Type 2 certification.

Does J.P. Morgan comply with GDPR ?

According to Rankiteo, J.P. Morgan is not listed as GDPR compliant.

Does J.P. Morgan have PCI DSS certification ?

According to Rankiteo, J.P. Morgan does not currently maintain PCI DSS compliance.

Does J.P. Morgan comply with HIPAA ?

According to Rankiteo, J.P. Morgan is not compliant with HIPAA regulations.

Does J.P. Morgan have ISO 27001 certification ?

According to Rankiteo, J.P. Morgan is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of J.P. Morgan

J.P. Morgan operates primarily in the Financial Services industry.

Number of Employees at J.P. Morgan

J.P. Morgan employs approximately 82,484 people worldwide.

Subsidiaries Owned by J.P. Morgan

J.P. Morgan presently has no subsidiaries across any sectors.

J.P. Morgan’s LinkedIn Followers

J.P. Morgan’s official LinkedIn profile has approximately 5,796,290 followers.

NAICS Classification of J.P. Morgan

J.P. Morgan is classified under the NAICS code 52, which corresponds to Finance and Insurance.

J.P. Morgan’s Presence on Crunchbase

No, J.P. Morgan does not have a profile on Crunchbase.

J.P. Morgan’s Presence on LinkedIn

Yes, J.P. Morgan maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/jpmorgan.

Cybersecurity Incidents Involving J.P. Morgan

As of April 02, 2026, Rankiteo reports that J.P. Morgan has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

J.P. Morgan has an estimated 31,536 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at J.P. Morgan ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.

How does J.P. Morgan detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Specops Software (Outpost24 subsidiary).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: J.P. Morgan Data Breach Due to Software Issue (2024)

Description: The Vermont Office of the Attorney General reported a data breach involving J.P. Morgan that occurred due to a software issue on February 26, 2024, potentially affecting personal and financial information, including names, addresses, Social Security numbers, and bank account details of an unknown number of individuals.

Date Detected: 2024-02-26

Date Publicly Disclosed: 2024-04-18

Type: Data Breach

Vulnerability Exploited: Software Issue

Incident : Phishing

Title: Sophisticated Phishing Attack Targets Outpost24 C-Level Executive Using Kratos Kit

Description: A high-profile phishing attack targeted a C-level executive at Outpost24, a Swedish exposure management and identity security firm, leveraging the recently identified Kratos phishing-as-a-service (PhaaS) kit. The attack employed a seven-step chain of redirects through trusted services to evade detection and trick the victim.

Type: Phishing

Attack Vector: Email

Vulnerability Exploited: DMARC authentication bypass, trusted infrastructure abuse

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing email (JP Morgan-themed).

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach JPM004091825

Data Compromised: Names, Addresses, Social security numbers, Bank account details

Identity Theft Risk: Potential

Payment Information Risk: Potential

Incident : Phishing NYLJPMOUTOUT1773678705

Data Compromised: Credentials (Microsoft 365)

Identity Theft Risk: High

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Financial Information, and Credentials.

Which entities were affected by each incident ?

Incident : Data Breach JPM004091825

Entity Name: J.P. Morgan

Entity Type: Financial Institution

Industry: Banking/Financial Services

Location: United States

Customers Affected: Unknown

Incident : Phishing NYLJPMOUTOUT1773678705

Entity Name: Outpost24

Entity Type: Organization

Industry: Cybersecurity (Exposure Management & Identity Security)

Location: Sweden

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Phishing NYLJPMOUTOUT1773678705

Third Party Assistance: Specops Software (Outpost24 subsidiary)

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Specops Software (Outpost24 subsidiary).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach JPM004091825

Type of Data Compromised: Personal information, Financial information

Number of Records Exposed: Unknown

Sensitivity of Data: High

Personally Identifiable Information: names, addresses, Social Security numbers

Incident : Phishing NYLJPMOUTOUT1773678705

Type of Data Compromised: Credentials

Sensitivity of Data: High (Microsoft 365 logins)

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach JPM004091825

Regulatory Notifications: Vermont Office of the Attorney General

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Phishing NYLJPMOUTOUT1773678705

Lessons Learned: The incident underscores the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lesson learned from past incidents is that the incident underscores the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.

References

Where can I find more information about each incident ?

Incident : Data Breach JPM004091825

Source: Vermont Office of the Attorney General

Date Accessed: 2024-04-18

Incident : Phishing NYLJPMOUTOUT1773678705

Source: Specops Software (Outpost24 subsidiary)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Vermont Office of the Attorney General (Date Accessed: 2024-04-18), and Specops Software (Outpost24 subsidiary).

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Phishing NYLJPMOUTOUT1773678705

Entry Point: Phishing email (JP Morgan-themed)

High Value Targets: C-level executive

Data Sold on Dark Web: C-level executive

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach JPM004091825

Root Causes: Software Issue

Incident : Phishing NYLJPMOUTOUT1773678705

Root Causes: Abuse of trusted infrastructure (Cisco Secure Email Gateway, Nylas, Cloudflare), DMARC bypass, repurposed domain

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Specops Software (Outpost24 subsidiary).

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-02-26.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-04-18.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, addresses, Social Security numbers, bank account details, and Credentials (Microsoft 365).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Specops Software (Outpost24 subsidiary).

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, addresses, Credentials (Microsoft 365), names and bank account details.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was that the incident underscores the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Vermont Office of the Attorney General and Specops Software (Outpost24 subsidiary).

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was a phishing email (JP Morgan-themed).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Software Issue, Abuse of trusted infrastructure (Cisco Secure Email Gateway, Nylas, Cloudflare), DMARC bypass, repurposed domain.


Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=jpmorgan' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
