J.P. Morgan is a leader in financial services, offering solutions to clients in more than 100 countries with one of the most comprehensive global product platforms available. We have been helping our clients to do business and manage their wealth for more than 200 years. Our business has been built upon our core principle of putting our clients' interests first. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a global financial services firm. Social Media Terms and Conditions: https://bit.ly/JPMCSocialTerms © 2017 JPMorgan Chase & Co. JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.

J.P. Morgan A.I CyberSecurity Scoring

J.P. Morgan

Company Details

LinkedIn ID: jpmorgan
Number of employees: 82,484
Number of followers: 5,796,290
NAICS: 52
Industry Type: Financial Services
Homepage: jpmorgan.com
IP Addresses: 0
Company ID: J.P_1929778
Scan Status: In-progress

J.P. Morgan Risk Score (AI oriented)

Between 800 and 849

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score for calculating premiums

J.P. Morgan Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

J.P. Morgan Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 2

Nylas, Outpost24, Cisco and JP Morgan: Security Firm Executive Targeted in Sophisticated Phishing Attack
Type: Cyber Attack
Severity: 25
Impact: 1
Seen: 3/2026
Supply Chain Source: NA
Rankiteo Explanation: Attack without any consequences

Description: Sophisticated Phishing Attack Targets Outpost24 C-Level Executive Using Kratos Kit

A high-profile phishing attack targeted a C-level executive at Outpost24, a Swedish exposure management and identity security firm, leveraging the recently identified Kratos phishing-as-a-service (PhaaS) kit. The attack, analyzed by Outpost24’s subsidiary Specops Software, employed a seven-step chain of redirects through trusted services to evade detection and trick the victim.

The phishing email, disguised as a legitimate message from JP Morgan, appeared as part of an existing email thread to enhance credibility. It included two DKIM signatures to bypass DMARC authentication, making it appear trustworthy. The malicious link initially pointed to Cisco’s secure-web.cisco.com, a legitimate domain used for URL rewriting, which passed Cisco’s Secure Email Gateway validation. From there, the attack redirected through Nylas, an email API platform, before funneling the victim to a subdomain of a legitimate Indian development company. The final redirect led to a repurposed domain originally registered in 2017 by a Chinese entity, which had been reacquired on March 12, just days after its TLS certificate expired, suggesting deliberate repurposing for the campaign.

The last stage of the attack used Cloudflare-protected infrastructure to conceal the origin server, serving a browser validation check to evade security analysis. The victim was then presented with a convincing Microsoft 365 phishing page, complete with a fake Outlook loading animation and real-time credential validation to ensure stolen logins were functional.

While Specops did not attribute the attack to a specific threat actor, the tactics align with those of Iran-linked groups recently targeting U.S. entities. However, similar techniques have been observed across multiple hacking collectives, leaving attribution uncertain. The incident underscores the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.

J.P. Morgan
Type: Breach
Severity: 100
Impact: 5
Seen: 8/2021
Supply Chain Source: NA
Rankiteo Explanation: Attack threatening the organization’s existence

Description: On April 18, 2024, the Vermont Office of the Attorney General disclosed a data breach at J.P. Morgan, stemming from a software vulnerability discovered on February 26, 2024. The incident exposed sensitive personal and financial information of an unspecified number of individuals, including names, addresses, Social Security numbers, and bank account details. The breach posed a severe risk of identity theft, financial fraud, and unauthorized access to customer accounts, given the highly confidential nature of the compromised data. While the exact scale of the breach remains undisclosed, the exposure of such critical information, particularly Social Security numbers and banking details, heightens the potential for long-term reputational damage, regulatory scrutiny, and legal repercussions for the financial institution. The incident underscores vulnerabilities in J.P. Morgan’s digital infrastructure, raising concerns about the adequacy of its cybersecurity measures in safeguarding customer data against exploitation by malicious actors.

Underwriter Stats for J.P. Morgan

Incidents vs Financial Services Industry Average (This Year)

J.P. Morgan has 50.5% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

J.P. Morgan has 13.79% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types J.P. Morgan vs Financial Services Industry Avg (This Year)

J.P. Morgan reported 1 incident this year (1 cyber attack, 0 ransomware, 0 vulnerabilities, 0 data breaches), compared to industry peers with at least 1 incident.

Incident History — J.P. Morgan (X = Date, Y = Severity)

J.P. Morgan cyber incidents detection timeline including parent company and subsidiaries

J.P. Morgan Similar Companies

Standard Bank Group

As a brand with a legacy of over 160 years in Africa, we have a deep understanding and belief in the boundless opportunities that this continent presents. Our vision extends beyond mere geography; it encompasses a profound recognition of the potential for growth that resonates within our people, cus

Societe Generale Corporate and Investment Banking - SGCIB

We support you over time, during expansion phases and their more challenging periods alike. By providing a full range of solutions suited to your needs, we play a facilitating role to help you realise your ambitions and leverage your potential. This is why we intend to develop an authentic advisory

American Express

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are co

JPMorganChase

With a history tracing its roots to 1799 in New York City, JPMorganChase is one of the world's oldest, largest, and best-known financial institutions—carrying forth the innovative spirit of our heritage firms in global operations across 100 markets. We serve millions of customers and many of the w

Aditya Birla Capital

Aditya Birla Capital Ltd is a financial services company based out of One World Center, Tower 1, 18th Floor, Jupiter Mills Compound, 841, Senapati Bapat Marg, Elphinstone Road, MUMBAI, India. - Aditya Birla Capital is committed to provide equal opportunity to all in employment and prohibits discrim

CreditEase

Founded in 2006, CreditEase is a Beijing-based world-leading FinTech conglomerate in China. It specializes in inclusive finance and wealth management with a dominant position in credit technology, wealth management technology, insurance technology, etc. Main business sectors of CreditEase include Yi

The Max Group

Max Group is a $7 billion diversified Indian conglomerate founded by Mr. Analjit Singh with a strong presence across Senior Care, Life Insurance, and Real Estate. Guided by a purpose-driven approach, we aim to create meaningful solutions that improve lives and deliver lasting value. Max India Lim

Motilal Oswal Financial Services Ltd

Motilal Oswal Financial Services Ltd. (MOFSL) was founded in 1987 as a small sub-broking unit, with just 2 people running the show. Focus on a customer-first attitude, ethical and transparent business practices, respect for professionalism, research-based value investing, and implementation of cutti

Angel One

Angel One Limited is a Fintech company providing broking services, margin trading facility, research services, depository services, investment education and distribution of third-party financial products to its clients, on a mission to become the No. 1 fintech organization in India. With about 32 mi

J.P. Morgan CyberSecurity News

March 27, 2026 04:01 AM
The high stakes of cybersecurity

As cyber attacks rise in scale and sophistication, investors must assess how prepared companies are to manage cyber risk and build long-term...

March 19, 2026 02:30 AM
‘Trusted Brands Trap’: Phishing Operation Using Cisco and JP Morgan Targets Cybersecurity Firm

Sophisticated 7-stage phishing using Cisco, JP Morgan targets Outpost24 exec. Kratos toolkit evades bots; real payload activates only on...

March 13, 2026 07:00 AM
Cybersecurity imperatives amid Middle East unrest

With escalating geopolitical conflicts, the risk of cyber threats grows, making it crucial to enhance your cybersecurity defenses to protect...

March 10, 2026 07:00 AM
The cybersecurity imperative: Latin America’s challenge and opportunity

Cybersecurity isn't just defense—it's a growth engine reshaping Latin America's digital future.

February 27, 2026 05:00 AM
AI vs. AI: The arms race for security

As artificial intelligence panic fuels exaggerated fears of disruption and sell-offs, cybersecurity and sovereign infrastructure stand to...

February 24, 2026 08:00 AM
CrowdStrike Dived. Why a New AI Tool Crushed Cybersecurity Stocks.

CrowdStrike, Zscaler, Palo Alto Networks, and other cybersecurity stocks fall after Anthropic releases new Claude security tool.

February 13, 2026 08:00 AM
What to know about investing in cybersecurity

Cybersecurity stocks have performed well as high-profile hacks and AI draw attention to the need for strong digital protection.

February 11, 2026 08:00 AM
Surviving the SaaS-pocalypse: JPMorgan’s 3 Top Cyber Stocks Ready to Surge

JPMorgan identified CrowdStrike (CRWD), Palo Alto Networks (PANW) and Zscaler (ZS) as long-term winners amid AI-driven cyber threats.

February 11, 2026 08:00 AM
Surviving the SaaS-pocalypse: JPMorgan’s 3 Top Cyber Stocks Ready to Surge

Anthropic released 11 new plug-ins for its Claude Cowork AI tool at the end of January sparking a massive sell-off in SaaS stocks.

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

J.P. Morgan CyberSecurity History Information

Official Website of J.P. Morgan

The official website of J.P. Morgan is http://www.jpmorgan.com.

J.P. Morgan’s AI-Generated Cybersecurity Score

According to Rankiteo, J.P. Morgan’s AI-generated cybersecurity score is 810, reflecting their Good security posture.

How many security badges does J.P. Morgan have ?

According to Rankiteo, J.P. Morgan currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has J.P. Morgan been affected by any supply chain cyber incidents ?

According to Rankiteo, J.P. Morgan has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does J.P. Morgan have SOC 2 Type 1 certification ?

According to Rankiteo, J.P. Morgan is not certified under SOC 2 Type 1.

Does J.P. Morgan have SOC 2 Type 2 certification ?

According to Rankiteo, J.P. Morgan does not hold a SOC 2 Type 2 certification.

Does J.P. Morgan comply with GDPR ?

According to Rankiteo, J.P. Morgan is not listed as GDPR compliant.

Does J.P. Morgan have PCI DSS certification ?

According to Rankiteo, J.P. Morgan does not currently maintain PCI DSS compliance.

Does J.P. Morgan comply with HIPAA ?

According to Rankiteo, J.P. Morgan is not compliant with HIPAA regulations.

Does J.P. Morgan have ISO 27001 certification ?

According to Rankiteo, J.P. Morgan is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of J.P. Morgan

J.P. Morgan operates primarily in the Financial Services industry.

Number of Employees at J.P. Morgan

J.P. Morgan employs approximately 82,484 people worldwide.

Subsidiaries Owned by J.P. Morgan

J.P. Morgan presently has no subsidiaries across any sectors.

J.P. Morgan’s LinkedIn Followers

J.P. Morgan’s official LinkedIn profile has approximately 5,796,290 followers.

NAICS Classification of J.P. Morgan

J.P. Morgan is classified under the NAICS code 52, which corresponds to Finance and Insurance.

J.P. Morgan’s Presence on Crunchbase

No, J.P. Morgan does not have a profile on Crunchbase.

J.P. Morgan’s Presence on LinkedIn

Yes, J.P. Morgan maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/jpmorgan.

Cybersecurity Incidents Involving J.P. Morgan

As of April 02, 2026, Rankiteo reports that J.P. Morgan has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

J.P. Morgan has an estimated 31,537 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at J.P. Morgan ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.

How does J.P. Morgan detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Specops Software (Outpost24 subsidiary).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: J.P. Morgan Data Breach Due to Software Issue (2024)

Description: The Vermont Office of the Attorney General reported a data breach involving J.P. Morgan that occurred due to a software issue on February 26, 2024, potentially affecting personal and financial information, including names, addresses, Social Security numbers, and bank account details of an unknown number of individuals.

Date Detected: 2024-02-26

Date Publicly Disclosed: 2024-04-18

Type: Data Breach

Vulnerability Exploited: Software Issue

Incident : Phishing

Title: Sophisticated Phishing Attack Targets Outpost24 C-Level Executive Using Kratos Kit

Description: A high-profile phishing attack targeted a C-level executive at Outpost24, a Swedish exposure management and identity security firm, leveraging the recently identified Kratos phishing-as-a-service (PhaaS) kit. The attack employed a seven-step chain of redirects through trusted services to evade detection and trick the victim.

Type: Phishing

Attack Vector: Email

Vulnerability Exploited: DMARC authentication bypass, trusted infrastructure abuse

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing email (JP Morgan-themed).

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach JPM004091825

Data Compromised: Names, Addresses, Social security numbers, Bank account details

Identity Theft Risk: Potential

Payment Information Risk: Potential

Incident : Phishing NYLJPMOUTOUT1773678705

Data Compromised: Credentials (Microsoft 365)

Identity Theft Risk: High

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Financial Information, and Credentials.

Which entities were affected by each incident ?

Incident : Data Breach JPM004091825

Entity Name: J.P. Morgan

Entity Type: Financial Institution

Industry: Banking/Financial Services

Location: United States

Customers Affected: Unknown

Incident : Phishing NYLJPMOUTOUT1773678705

Entity Name: Outpost24

Entity Type: Organization

Industry: Cybersecurity (Exposure Management & Identity Security)

Location: Sweden

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Phishing NYLJPMOUTOUT1773678705

Third Party Assistance: Specops Software (Outpost24 subsidiary)

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Specops Software (Outpost24 subsidiary).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach JPM004091825

Type of Data Compromised: Personal information, Financial information

Number of Records Exposed: Unknown

Sensitivity of Data: High

Personally Identifiable Information: names, addresses, Social Security numbers

Incident : Phishing NYLJPMOUTOUT1773678705

Type of Data Compromised: Credentials

Sensitivity of Data: High (Microsoft 365 logins)

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach JPM004091825

Regulatory Notifications: Vermont Office of the Attorney General

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Phishing NYLJPMOUTOUT1773678705

Lessons Learned: The incident underscores the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lesson learned from past incidents is the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.

References

Where can I find more information about each incident ?

Incident : Data Breach JPM004091825

Source: Vermont Office of the Attorney General

Date Accessed: 2024-04-18

Incident : Phishing NYLJPMOUTOUT1773678705

Source: Specops Software (Outpost24 subsidiary)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices from the following sources: Vermont Office of the Attorney General (Date Accessed: 2024-04-18) and Specops Software (Outpost24 subsidiary).

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Phishing NYLJPMOUTOUT1773678705

Entry Point: Phishing email (JP Morgan-themed)

High Value Targets: C-level executive

Data Sold on Dark Web: C-level executive

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach JPM004091825

Root Causes: Software Issue

Incident : Phishing NYLJPMOUTOUT1773678705

Root Causes: Abuse of trusted infrastructure (Cisco Secure Email Gateway, Nylas, Cloudflare), DMARC bypass, repurposed domain

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Specops Software (Outpost24 subsidiary).

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-02-26.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-04-18.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, addresses, Social Security numbers, bank account details, and Credentials (Microsoft 365).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Specops Software (Outpost24 subsidiary).

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Credentials (Microsoft 365), addresses, names, Social Security numbers and bank account details.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Specops Software (Outpost24 subsidiary) and Vermont Office of the Attorney General.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was a phishing email (JP Morgan-themed).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Software Issue, Abuse of trusted infrastructure (Cisco Secure Email Gateway, Nylas, Cloudflare), DMARC bypass, repurposed domain.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=jpmorgan' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
