NYLIC
Company Details
Linkedin ID:
newyorklife
Website:
Employees number:
41,382
Number of followers:
348,893
NAICS:
52
Industry Type:
Homepage:
nyl.co
IP Addresses:
0
Company ID:
NEW_8777132
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
New York Life Insurance Company Vendor Cyber Rating & Cyber Score
nyl.coFor over 180 years, we’ve helped turn your biggest dreams into milestones that last a lifetime. As a mutual company we hold ourselves to the highest standards of transparency, objectivity, and integrity. We’re committed to improving local communities through a culture of giving and volunteerism, supported by our own New York Life Foundation. Join a company that values development, career growth, collaboration, innovation, and diversity & inclusion. Through various resources and programs, you can grow your career while developing personally and professionally. Your life. New York Life. More powerful, together. Insurance • Investments • Retirement • Advisory Services New York Life is an Equal Opportunity Employer - M/F/Veteran/Disability/Sexual Orientation/Gender Identity Investments are offered through NYLIFE Securities LLC (Member FINRA/SIPC), a Licensed Insurance Agency. Advisory services are offered through Eagle Strategies LLC, a Registered Investment Adviser. NYLIFE Securities LLC and Eagle Strategies LLC are New York Life Companies. Not all New York Life agents are licensed to offer investments or advisory services. Only those agents who disclose their affiliation with NYLIFE Securities LLC and/or Eagle Strategies LLC are credentialed to provide the respective products and services. Read our disclaimers: https://nyl.co/socialmedia
New York Life Insurance Company A.I CyberSecurity Scoring
NYLIC Risk Score (AI oriented)Between 700 and 749
NYLIC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
NYLIC Global Score (TPRM)XXXX
NYLIC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
NYLIC Company CyberSecurity News & History
Past Incidents
4
Attack Types
2
New York Life Investment Management LLC
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: On May 24, 2024, the Washington State Office of the Attorney General reported a data breach involving New York Life Investment Management LLC. The breach occurred from February 5 to February 22, 2024, due to a cyberattack involving malware. Approximately 772 residents were affected, and the types of information compromised include names and full dates of birth.
New York Life Insurance Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Maine Office of the Attorney General reported a data breach involving New York Life Insurance Company on October 23, 2023. The breach occurred between May 30, 2023, and May 31, 2023, due to an external system breach involving unauthorized access, affecting 30,167 individuals, including 38 Maine residents. The compromised information includes Social Security Numbers, and identity theft protection services were offered for 12 months through Experian IdentityWorks.
New York Life Insurance Company
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On September 28, 2021, the Maine Office of the Attorney General reported a data breach involving New York Life Insurance Company. The breach occurred from April 13, 2021, to May 12, 2021, and involved a phishing attack that compromised personal information, including Social Security numbers, affecting 1,749 individuals in total with 3 residents particularly noted.
New York Life Insurance Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On March 3, 2021, New York Life Insurance Company reported an inadvertent disclosure of personal information due to a misconfigured document upload. In response to a request from the Wyoming Department of Insurance, a file containing sensitive details of 749 individuals including names, partial Social Security numbers (last four digits), certificate numbers, genders, dates of birth, benefit amounts, and annuity forms was mistakenly published on a public insurance filings website from July 2020 to February 5, 2021. The exposed data pertained to at least one Maine resident, among others. The breach stemmed from human error during a routine regulatory submission, leading to prolonged unauthorized access to personally identifiable information (PII). While no evidence of malicious exploitation was reported, the incident posed risks of identity theft, financial fraud, or phishing attacks targeting affected individuals. The company likely initiated remediation measures, including notification to impacted parties and regulatory bodies, but the exposure duration (over six months) amplified potential consequences for those whose data was compromised.
NYLIC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for NYLIC
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for New York Life Insurance Company in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for New York Life Insurance Company in 2026.
Incident Types NYLIC vs Financial Services Industry Avg (This Year)
No incidents recorded for New York Life Insurance Company in 2026.
Incident History — NYLIC (X = Date, Y = Severity)
NYLIC cyber incidents detection timeline including parent company and subsidiaries
NYLIC Company Subsidiaries
For over 180 years, we’ve helped turn your biggest dreams into milestones that last a lifetime. As a mutual company we hold ourselves to the highest standards of transparency, objectivity, and integrity. We’re committed to improving local communities through a culture of giving and volunteerism, supported by our own New York Life Foundation. Join a company that values development, career growth, collaboration, innovation, and diversity & inclusion. Through various resources and programs, you can grow your career while developing personally and professionally. Your life. New York Life. More powerful, together. Insurance • Investments • Retirement • Advisory Services New York Life is an Equal Opportunity Employer - M/F/Veteran/Disability/Sexual Orientation/Gender Identity Investments are offered through NYLIFE Securities LLC (Member FINRA/SIPC), a Licensed Insurance Agency. Advisory services are offered through Eagle Strategies LLC, a Registered Investment Adviser. NYLIFE Securities LLC and Eagle Strategies LLC are New York Life Companies. Not all New York Life agents are licensed to offer investments or advisory services. Only those agents who disclose their affiliation with NYLIFE Securities LLC and/or Eagle Strategies LLC are credentialed to provide the respective products and services. Read our disclaimers: https://nyl.co/socialmedia
Loading...
NYLIC Similar Companies
Founded in 2006, CreditEase is a Beijing-based world-leading FinTech conglomerate in China. It specializes in inclusive finance and wealth management with a dominant position in credit technology, wealth management technology, insurance technology, etc. Main business sectors of CreditEase include Yi
Northwestern Mutual
At Northwestern Mutual, our financial advisors are ready to meet you where you are and stay with you long-term. Get financial clarity with a people-first plan designed to uncover new opportunities and potential blind spots. The right time to plan is right now. With $265.0 billion in assets under ma
BlackRock
BlackRock is a global asset manager and technology provider dedicated to helping more and more people experience financial well-being. We help millions of people invest to build savings that serve them throughout their lives. We always start with our clients’ needs and look to offer them more qua
CIMB
CIMB Group is a leading ASEAN universal bank, one of the largest Asian investment banks and one of the world's largest Islamic banks. We are headquartered in Kuala Lumpur, Malaysia and offer consumer banking, commercial banking, wholesale banking, Islamic banking, and asset management products and
TIAA
At TIAA, we believe everyone has the right to retire with dignity. For more than 100 years, we’ve provided retirement plans, insurance, and investment services, empowering millions of people— in education, healthcare, and nonprofit —with the knowledge, guidance, and lifetime income needed to plan th
Fidelity National Financial, Inc. (NYSE: FNF) is a leading provider of title insurance and transaction services to the real estate and mortgage industries. Ranked #359 on the FORTUNE 500(r) list for 2023, FNF is the nation's largest title insurance company through our title insurance underwriters (F
Lars Larsen Group
Lars Larsen Group is owned by the Brunsborg family, descendants of JYSK founder Lars Larsen. The Group owns companies within a number of business areas including furniture, interior design, restaurants and hotels, and is also an active investor in equities, funds, and real estate. The Group is to t
Standard Bank Group
As a brand with a legacy of over 160 years in Africa, we have a deep understanding and belief in the boundless opportunities that this continent presents. Our vision extends beyond mere geography; it encompasses a profound recognition of the potential for growth that resonates within our people, cus
Aon
We exist to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the cl
.png)
NYLIC CyberSecurity News
February 26, 2026 08:00 AM
Trends In Healthcare Data Breach Statistics
Our healthcare data breach statistics clearly show an upward trend in data breaches since 2009, when OCR first started publishing data...
February 02, 2026 08:00 AM
FBI and cybersecurity firms warn airlines of Scattered Spider attacks
The FBI and major cybersecurity firms are warning that Scattered Spider, a well-known hacking group, is now targeting the airline and...
February 01, 2026 08:00 AM
New York fines 8 auto insurers $19 mn over cybersecurity violations, data breaches
New York DFS fined eight auto insurers and agencies $19 mn for weak cybersecurity controls that exposed personal data through online quoting...
November 14, 2025 11:54 AM
Top 100 Cybersecurity Leaders in the U.S. Announced
These Top 100 cybersecurity leaders in the U.S. are not only tackling today's threats but also anticipating the challenges of tomorrow.
November 11, 2025 08:00 AM
Cybersecurity jobs available right now: November 11, 2025
Bridewell | United Kingdom | Hybrid – No longer accepting applications. As an Academy Cyber Threat Intelligence Analyst, you will manage...
November 03, 2025 08:00 AM
Final NYDFS Cybersecurity Rules Take Effect: What Financial Services Companies Must Do Now
As of November 1, 2025, two critical updates to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (the...
October 22, 2025 07:00 AM
New York fines eight auto insurers $19 million over cybersecurity violations
New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris has collected more than $19 million in penalties for...
October 21, 2025 07:00 AM
NY auto insurers on the hook for $19M for cybersecurity violations
Eight auto insurers failed to meet the requirements of New York's cybersecurity regulations during widespread online attacks in 2021 and...
October 21, 2025 07:00 AM
DFS Acting Superintendent Kaitlin Asrow Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers | Department of Financial Services
New York State Department of Financial Services (DFS) Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
NYLIC CyberSecurity History Information
Official Website of New York Life Insurance Company
The official website of New York Life Insurance Company is https://nyl.co/3uLirwD.
New York Life Insurance Company’s AI-Generated Cybersecurity Score
According to Rankiteo, New York Life Insurance Company’s AI-generated cybersecurity score is 723, reflecting their Moderate security posture.
How many security badges does New York Life Insurance Company’ have ?
According to Rankiteo, New York Life Insurance Company currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has New York Life Insurance Company been affected by any supply chain cyber incidents ?
According to Rankiteo, New York Life Insurance Company has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does New York Life Insurance Company have SOC 2 Type 1 certification ?
According to Rankiteo, New York Life Insurance Company is not certified under SOC 2 Type 1.
Does New York Life Insurance Company have SOC 2 Type 2 certification ?
According to Rankiteo, New York Life Insurance Company does not hold a SOC 2 Type 2 certification.
Does New York Life Insurance Company comply with GDPR ?
According to Rankiteo, New York Life Insurance Company is not listed as GDPR compliant.
Does New York Life Insurance Company have PCI DSS certification ?
According to Rankiteo, New York Life Insurance Company does not currently maintain PCI DSS compliance.
Does New York Life Insurance Company comply with HIPAA ?
According to Rankiteo, New York Life Insurance Company is not compliant with HIPAA regulations.
Does New York Life Insurance Company have ISO 27001 certification ?
According to Rankiteo,New York Life Insurance Company is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of New York Life Insurance Company
New York Life Insurance Company operates primarily in the Financial Services industry.
Number of Employees at New York Life Insurance Company
New York Life Insurance Company employs approximately 41,382 people worldwide.
Subsidiaries Owned by New York Life Insurance Company
New York Life Insurance Company presently has no subsidiaries across any sectors.
New York Life Insurance Company’s LinkedIn Followers
New York Life Insurance Company’s official LinkedIn profile has approximately 348,893 followers.
NAICS Classification of New York Life Insurance Company
New York Life Insurance Company is classified under the NAICS code 52, which corresponds to Finance and Insurance.
New York Life Insurance Company’s Presence on Crunchbase
No, New York Life Insurance Company does not have a profile on Crunchbase.
New York Life Insurance Company’s Presence on LinkedIn
Yes, New York Life Insurance Company maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/newyorklife.
Cybersecurity Incidents Involving New York Life Insurance Company
As of April 02, 2026, Rankiteo reports that New York Life Insurance Company has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
New York Life Insurance Company has an estimated 31,536 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at New York Life Insurance Company ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
How does New York Life Insurance Company detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with experian identityworks, and containment measures with document removed from public website (as of 2021-02-05), and communication strategy with notification to affected individuals via maine attorney general's office..
Incident Details
Can you provide details on each incident ?
Title: New York Life Insurance Company Data Breach
Description: The Maine Office of the Attorney General reported a data breach involving New York Life Insurance Company on October 23, 2023. The breach occurred between May 30, 2023, and May 31, 2023, due to an external system breach involving unauthorized access, affecting 30,167 individuals, including 38 Maine residents. The compromised information includes Social Security Numbers, and identity theft protection services were offered for 12 months through Experian IdentityWorks.
Date Detected: 2023-10-23
Date Publicly Disclosed: 2023-10-23
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Data Breach at New York Life Investment Management LLC
Description: A data breach involving New York Life Investment Management LLC occurred from February 5 to February 22, 2024, due to a cyberattack involving malware. Approximately 772 residents were affected, and the types of information compromised include names and full dates of birth.
Date Detected: 2024-02-22
Date Publicly Disclosed: 2024-05-24
Type: Data Breach
Attack Vector: Malware
Title: New York Life Insurance Company Data Breach
Description: A data breach involving New York Life Insurance Company occurred from April 13, 2021, to May 12, 2021, due to a phishing attack that compromised personal information, including Social Security numbers, affecting 1,749 individuals in total with 3 residents particularly noted.
Date Detected: 2021-05-12
Date Publicly Disclosed: 2021-09-28
Type: Data Breach
Attack Vector: Phishing
Title: New York Life Insurance Company Inadvertent Data Disclosure (2021)
Description: On March 3, 2021, the Maine Office of the Attorney General reported that New York Life Insurance Company experienced an inadvertent disclosure of personal information pertaining to one Maine resident. The breach occurred when, in response to a request from the Wyoming Department of Insurance, a document containing personal details was mistakenly uploaded to a public insurance filings website from July 2020 until February 5, 2021, affecting 749 individuals. The personal information included names, last four digits of Social Security numbers, certificate numbers, genders, dates of birth, benefit amounts, and forms of annuity.
Date Detected: 2021-02-05
Date Publicly Disclosed: 2021-03-03
Type: Data Breach (Inadvertent Disclosure)
Vulnerability Exploited: Human Error (Improper Document Upload)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach NEW524072525
Data Compromised: Social security numbers
Identity Theft Risk: High
Incident : Data Breach NYL1040072725
Data Compromised: Names, Full dates of birth
Incident : Data Breach NEW511080425
Data Compromised: Social security numbers
Incident : Data Breach (Inadvertent Disclosure) NEW027091825
Data Compromised: Names, Last four digits of social security numbers, Certificate numbers, Genders, Dates of birth, Benefit amounts, Forms of annuity
Brand Reputation Impact: Potential (due to public disclosure of sensitive data)
Identity Theft Risk: Moderate (partial SSN exposure)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security Numbers, , Names, Full Dates Of Birth, , Social Security Numbers, , Personally Identifiable Information (Pii), Financial Data (Partial Ssn, Benefit Amounts) and .
Which entities were affected by each incident ?
Incident : Data Breach NEW524072525
Entity Name: New York Life Insurance Company
Entity Type: Insurance Company
Industry: Insurance
Customers Affected: 30167
Incident : Data Breach NYL1040072725
Entity Name: New York Life Investment Management LLC
Entity Type: Company
Industry: Financial Services
Location: New York
Customers Affected: 772
Incident : Data Breach NEW511080425
Entity Name: New York Life Insurance Company
Entity Type: Insurance Company
Industry: Insurance
Customers Affected: 1749
Incident : Data Breach (Inadvertent Disclosure) NEW027091825
Entity Name: New York Life Insurance Company
Entity Type: Insurance Provider
Industry: Financial Services (Insurance)
Location: New York, USA
Customers Affected: 749
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach NEW524072525
Third Party Assistance: Experian Identityworks.
Incident : Data Breach (Inadvertent Disclosure) NEW027091825
Containment Measures: Document removed from public website (as of 2021-02-05)
Communication Strategy: Notification to affected individuals via Maine Attorney General's office
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian IdentityWorks, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach NEW524072525
Type of Data Compromised: Social security numbers
Number of Records Exposed: 30167
Sensitivity of Data: High
Personally Identifiable Information: Social Security Numbers
Incident : Data Breach NYL1040072725
Type of Data Compromised: Names, Full dates of birth
Number of Records Exposed: 772
Incident : Data Breach NEW511080425
Type of Data Compromised: Social security numbers
Number of Records Exposed: 1749
Sensitivity of Data: High
Incident : Data Breach (Inadvertent Disclosure) NEW027091825
Type of Data Compromised: Personally identifiable information (pii), Financial data (partial ssn, benefit amounts)
Number of Records Exposed: 749
Sensitivity of Data: High (partial SSN, financial details)
Data Exfiltration: No (data was inadvertently published)
File Types Exposed: Insurance filings document (format unspecified)
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by document removed from public website (as of 2021-02-05).
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach (Inadvertent Disclosure) NEW027091825
Regulatory Notifications: Maine Office of the Attorney General (reported 2021-03-03)
References
Where can I find more information about each incident ?
Incident : Data Breach NEW524072525
Source: Maine Office of the Attorney General
Date Accessed: 2023-10-23
Incident : Data Breach NYL1040072725
Source: Washington State Office of the Attorney General
Date Accessed: 2024-05-24
Incident : Data Breach NEW511080425
Source: Maine Office of the Attorney General
Date Accessed: 2021-09-28
Incident : Data Breach (Inadvertent Disclosure) NEW027091825
Source: Maine Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2023-10-23, and Source: Washington State Office of the Attorney GeneralDate Accessed: 2024-05-24, and Source: Maine Office of the Attorney GeneralDate Accessed: 2021-09-28, and Source: Maine Office of the Attorney General.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach (Inadvertent Disclosure) NEW027091825
Investigation Status: Disclosed (no further updates provided)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notification to affected individuals via Maine Attorney General's office.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach (Inadvertent Disclosure) NEW027091825
Customer Advisories: Notification via state regulatory channels
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notification via state regulatory channels.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach (Inadvertent Disclosure) NEW027091825
Root Causes: Human error in document handling/procedures for public filings
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian Identityworks, .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-10-23.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2021-03-03.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security Numbers, , names, full dates of birth, , Social Security numbers, , Names, Last four digits of Social Security numbers, Certificate numbers, Genders, Dates of birth, Benefit amounts, Forms of annuity and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was experian identityworks, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Document removed from public website (as of 2021-02-05).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Certificate numbers, Dates of birth, Names, Social Security Numbers, Last four digits of Social Security numbers, Social Security numbers, names, Genders, Benefit amounts, Forms of annuity and full dates of birth.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 2.1K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Washington State Office of the Attorney General and Maine Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Disclosed (no further updates provided).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notification via state regulatory channels.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=newyorklife' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
