Company Details
norton-healthcare
10,315
51,223
62
NortonHealthcare.com
15
NOR_3293484
Completed


Norton Healthcare Vendor Cyber Rating & Cyber Score
NortonHealthcare.com
Norton Healthcare is a leader in serving adult and pediatric patients from throughout Greater Louisville, Southern Indiana, the commonwealth of Kentucky and beyond. The not-for-profit hospital and health care system is Louisville’s second largest employer, with more than 18,600 employees, over 1,750 employed medical providers and nearly 3,000 total providers on its medical staff. Norton Healthcare has five Louisville-based hospitals with a total of 1,907 licensed beds. Norton West Louisville Hospital is scheduled to open in late 2024. The system also includes eight outpatient centers, 18 Norton Immediate Care Centers, eight Norton Prompt Care at Walgreens clinics and an expanded telehealth program. It provides care at more than 350 locations throughout Kentucky and Southern Indiana. The hospitals provide inpatient and outpatient general care as well as specialty care including heart, neuroscience, cancer, orthopedic, women’s and pediatric services. A strong research program provides access to clinical trials in a multitude of areas. Norton King’s Daughters’ Health in Madison, Indiana, also is part of Norton Healthcare. Read more at KDHMadison.org/About-Us. Since 2018, Norton Healthcare’s five Louisville hospitals and Norton Cancer Institute have been named LGBTQ+ Healthcare Equality Leaders by the Human Rights Campaign Foundation, earning a top score of 100 on the Healthcare Equality Index (HEI). Norton Healthcare also was recognized in 2022 as one of the “Best Places to Work for Disability Inclusion” by the Disability Equality Index. To learn more about career opportunities, visit NortonHealthcareCareers.com.
Between 0 and 549


Description: Norton Healthcare Reaches $11M Settlement Over 2023 Ransomware Attack

Norton Healthcare has agreed to an $11 million settlement in a class-action lawsuit stemming from a May 2023 ransomware attack that disrupted its computer systems. The breach, detected on May 9, 2023, occurred after suspicious activity was flagged on Norton’s servers, followed by a threatening fax demanding payment. An investigation revealed unauthorized access to network storage devices between May 7 and May 9.

The lawsuit, filed in June 2023 against Norton Healthcare and Norton Hospitals, alleged negligence, breach of contract, privacy violations, and failure to meet industry cybersecurity standards. Plaintiffs claimed Norton did not adequately protect sensitive data or train employees on security protocols. While Norton maintained that patient personal information was not accessed, it later notified potentially affected individuals.

Under the settlement, class members may receive:
- Three years of medical monitoring services
- Up to $2,500 in out-of-pocket expense reimbursements
- Up to $80 for lost time due to the breach
- A minimum $5 cash payment

A final approval hearing is scheduled for May 15. The settlement fund will be distributed pending court approval.

Description: On December 8, 2023, the Washington State Office of the Attorney General reported a data breach incident involving Norton Healthcare, Inc., which occurred from May 7, 2023, to May 9, 2023. The breach was identified as a ransomware attack affecting approximately 1,872 Washington residents, potentially compromising personal information including names, Social Security Numbers, and health information.


Norton Healthcare has 29.58% fewer incidents than the average of same-industry companies with at least one recorded incident.
Norton Healthcare has 15.25% fewer incidents than the average of all companies with at least one recorded incident.
Norton Healthcare reported 1 incident this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Norton Healthcare cyber incidents detection timeline including parent company and subsidiaries

LOUISVILLE, Ky. (WDRB) — A settlement was reached in the Norton Healthcare lawsuit after patients and employees had their personal...
Norton Healthcare has agreed to pay $11 million as part of a class action lawsuit settlement to resolve claims it failed to protect...
The lawsuit was filed after a 2023 ransomware attack. Individuals received a notice if they are included in the settlement class.
Norton Healthcare, which operates nine hospitals and other care facilities in Kentucky and Indiana, has agreed to pay $11 million to settle class action...
On January 28, the Information and Privacy Commissioner of Ontario (OIPC) issued guidance on the responsible development, procurement, and use of AI...
Individuals who received notice from Norton Healthcare about a 2023 data breach, may qualify to claim up to $2500 plus monitoring from a...
After the largest-ever number of Americans had their health data compromised in 2024, the last year saw significant improvement.
Cybersecurity tops the list of this year's biggest areas of litigation concern for healthcare legal departments. In a survey published...
Several Louisville-area hospitals, businesses, services and flights are being impacted by a global IT outage Friday morning. Cybersecurity...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Norton Healthcare is http://www.NortonHealthcare.com.
According to Rankiteo, Norton Healthcare’s AI-generated cybersecurity score is 548, reflecting their Critical security posture.
According to Rankiteo, Norton Healthcare currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Norton Healthcare has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, Norton Healthcare is not certified under SOC 2 Type 1.
According to Rankiteo, Norton Healthcare does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Norton Healthcare is not listed as GDPR compliant.
According to Rankiteo, Norton Healthcare does not currently maintain PCI DSS compliance.
According to Rankiteo, Norton Healthcare is not compliant with HIPAA regulations.
According to Rankiteo, Norton Healthcare is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Norton Healthcare operates primarily in the Hospitals and Health Care industry.
Norton Healthcare employs approximately 10,315 people worldwide.
Norton Healthcare presently has no subsidiaries across any sectors.
Norton Healthcare’s official LinkedIn profile has approximately 51,223 followers.
Norton Healthcare is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Yes, Norton Healthcare has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/norton-healthcare.
Yes, Norton Healthcare maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/norton-healthcare.
As of March 30, 2026, Rankiteo reports that Norton Healthcare has experienced 2 cybersecurity incidents.
Norton Healthcare has an estimated 32,295 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Total Financial Loss: The total financial loss from these incidents is estimated to be $11 million.
Detection and Response: The company detects and responds to cybersecurity incidents through a communication strategy with notification to potentially affected individuals.
Title: Norton Healthcare Data Breach
Description: A ransomware attack on Norton Healthcare, Inc. potentially compromised personal information including names, Social Security Numbers, and health information of approximately 1,872 Washington residents.
Date Detected: 2023-05-07
Date Publicly Disclosed: 2023-12-08
Type: Data Breach
Attack Vector: Ransomware

Title: Norton Healthcare Ransomware Attack and Data Breach
Description: Norton Healthcare agreed to an $11 million settlement in a class-action lawsuit following a May 2023 ransomware attack that disrupted its computer systems. The breach was detected on May 9, 2023, after suspicious activity was flagged, followed by a threatening fax demanding payment. Unauthorized access to network storage devices occurred between May 7 and May 9.
Date Detected: 2023-05-09
Type: Ransomware
Attack Vector: Unauthorized access to network storage devices
Motivation: Financial gain
Common Attack Types: The most common type of attack the company has faced is Ransomware.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Network storage devices.

Data Compromised: Names, Social security numbers, Health information

Financial Loss: $11,000,000 (settlement amount)
Data Compromised: Potentially sensitive data (disputed by Norton)
Systems Affected: Network storage devices, computer systems
Operational Impact: Disrupted computer systems
Brand Reputation Impact: Negative impact due to lawsuit and breach
Legal Liabilities: Class-action lawsuit, regulatory scrutiny
Identity Theft Risk: Potential risk (disputed by Norton)
Average Financial Loss: The average financial loss per incident is $5.50 million.
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Health Information, and Potentially sensitive data (disputed by Norton).

Entity Name: Norton Healthcare, Inc.
Entity Type: Healthcare
Industry: Healthcare
Location: Washington
Customers Affected: 1872

Entity Name: Norton Healthcare
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: Potentially affected individuals (number not specified)

Communication Strategy: Notification to potentially affected individuals

Type of Data Compromised: Names, Social security numbers, Health information
Number of Records Exposed: 1872
Sensitivity of Data: High

Type of Data Compromised: Potentially sensitive data (disputed by Norton)
Sensitivity of Data: High (healthcare data)
Personally Identifiable Information: Potentially (disputed by Norton)

Ransom Demanded: Yes (via threatening fax)

Regulations Violated: Potential violations of healthcare cybersecurity standards (e.g., HIPAA)
Legal Actions: Class-action lawsuit
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class-action lawsuit.

Source: Washington State Office of the Attorney General
Date Accessed: 2023-12-08

Source: Class-action lawsuit settlement announcement
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Washington State Office of the Attorney General (Date Accessed: 2023-12-08) and Class-action lawsuit settlement announcement.

Investigation Status: Ongoing (settlement pending final approval)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notification to potentially affected individuals.

Customer Advisories: Notification to potentially affected individuals
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Notification to potentially affected individuals.

Entry Point: Network storage devices

Root Causes: Alleged negligence, inadequate employee training, and failure to meet industry cybersecurity standards
Corrective Actions: Settlement includes medical monitoring services, expense reimbursements, and cash payments
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Settlement includes medical monitoring services, expense reimbursements, and cash payments.
Last Ransom Demanded: The amount of the last ransom demanded was Yes (via threatening fax).
Most Recent Incident Detected: The most recent incident detected was on 2023-05-07.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-12-08.
Highest Financial Loss: The highest financial loss from an incident was $11,000,000 (settlement amount).
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security Numbers, health information, and Potentially sensitive data (disputed by Norton).
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were health information, Social Security Numbers, Potentially sensitive data (disputed by Norton) and names.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 189.0.
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was Yes (via threatening fax).
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class-action lawsuit.
Most Recent Source: The most recent sources of information about an incident are Washington State Office of the Attorney General and Class-action lawsuit settlement announcement.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (settlement pending final approval).
Most Recent Customer Advisory: The most recent customer advisory issued was Notification to potentially affected individuals.
Most Recent Entry Point: The most recent entry point used by an initial access broker was Network storage devices.
A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross-site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
