
Sears is a leading integrated retailer and provider focused on seamlessly connecting the digital and physical shopping experiences to serve our members - wherever, whenever and however they want to shop. We are part of the Transformco family of brands which operates through its subsidiaries, including Sears Home Services and Kmart, with full-line and specialty retail stores across the United States. We are also home to Shop Your Way®, a social shopping platform offering members rewards for shopping at Sears and Kmart as well as with other retail partners. The company is the nation's largest provider of home services, with more than 14 million service and installation calls made annually. For more information, visit https://jobs.sears.com/.

Sears A.I CyberSecurity Scoring

Sears

Company Details

LinkedIn ID: sears
Number of employees: 27,172
Number of followers: 203,220
NAICS: 43
Industry Type: Retail
Homepage: bit.ly
IP Addresses: 0
Company ID: SEA_1206077
Scan Status: In-progress

Sears Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate premiums
Sears Global Score (TPRM)

XXXX


Sears Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 2

Transformco and Sears Home Services: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
Breach
Severity: 85
Impact: 4
Seen: 2/2026
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Sears Home Services AI chatbot exposed millions of customer conversations. Security researcher Jeremiah Fowler uncovered a major data exposure involving Sears Home Services, the largest appliance repair provider in the U.S., which performs over seven million repairs annually. Between 2024 and early 2025, three unsecured databases containing 3.7 million chat logs, 1.4 million audio files, and text transcripts were left publicly accessible online.

The exposed data included customer interactions with "Samantha," Sears’ AI virtual assistant, powered by the company’s "kAIros" technology. Records revealed personal details such as names, phone numbers, home addresses, appliance information, and repair appointment schedules. Many conversations were in both English and Spanish.

Of particular concern were the audio recordings, some lasting up to four hours, far beyond the intended customer service calls. Fowler noted that ambient audio, including private conversations and background noise, was captured after customers believed their calls had ended. This raised significant privacy risks, as sensitive discussions may have been recorded without consent.

Fowler reported the exposure to Transformco, the parent company of Sears and Sears Home Services, in early February. The databases were secured shortly after, though it remains unclear how long they were exposed or whether unauthorized parties accessed them. Transformco did not respond to requests for comment.

The incident highlights vulnerabilities in AI-driven customer service systems, where cost-saving measures may overlook critical security safeguards. The exposed data could be exploited for phishing scams, warranty fraud, or other targeted attacks, given the detailed personal and household information it contained.

Sears Holdings Management Corporation
Cyber Attack
Severity: 60
Impact: 2
Seen: 9/2017
Supply Chain Source: NA
Rankiteo Explanation
Attack limited on finance or reputation

Description: The Washington State Office of the Attorney General reported a data breach by Sears Holdings on April 24, 2018. The breach occurred from September 27, 2017, to October 12, 2017, affecting 2,373 individuals in Washington. The compromised information included names and payment card information due to a cyberattack involving malicious script inserted by an unauthorized individual.


Underwriter Stats for Sears

Incidents vs Retail Industry Average (This Year)

Sears has 50.0% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Sears has 13.79% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types Sears vs Retail Industry Avg (This Year)

Sears reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — Sears (X = Date, Y = Severity)

Sears cyber incidents detection timeline including parent company and subsidiaries


Sears Similar Companies

Advance Auto Parts

Advance Auto Parts, Inc. is a leading automotive aftermarket parts provider that serves both professional installers and do-it-yourself customers. As of October 5, 2024, Advance operated 4,781 stores primarily within the United States, with additional locations in Canada, Puerto Rico and the U.S. Vi

Coppel

Coppel is a Mexican company headquartered in the city of Culiacán, founded in 1941. It is a chain of department stores that sells on credit with few requirements and offers free delivery. It currently has more than 1,000 points of sale, distr

Wayfair

Wayfair is the destination for all things home: helping everyone, anywhere create their feeling of home. From expert customer service, to the development of tools that make the shopping process easier, to carrying one of the widest and deepest selections of items for every space, style, and budget,

Kohl's

Kohl’s is a leading omnichannel retailer with more than 1,100 stores in 49 states. Kohl's business is built on a solid foundation of more than 60 million customers, an unmatched brand portfolio, industry-leading loyalty and Kohl's Card programs, a convenient and accessible nationwide store footprin

Academy Sports + Outdoors

At Academy Sports + Outdoors, we believe in the power of fun. And we believe in helping our customers have more of it. With a wide assortment of sporting and outdoors gear, Academy offers the best brands under one roof — curated to make the most of every budget. Day in and day out, our 20,000+ Team

Meijer

It takes guts to start a business during the Great Depression. And it takes vision to keep it going. Our founder, Hendrik Meijer, opened Thrifty Acres in 1934. Nearly thirty years later, his son, Fred, pioneered the world's first-ever supercenter, laying the groundwork for what we are today: a mult

SPAR International

The worldwide SPAR organisation operates over 13,800 SPAR stores in 48 countries on four continents, meeting the needs of over 14,7 million consumers every day. The SPAR concept was established on the basis of wholesalers and retailers working in partnership to the benefit of all, including custom

PT Lion Super Indo

Since 1997, Super Indo has grown and developed in Indonesia through a partnership between Ahold Delhaize of the Netherlands and Salim Group of Indonesia. Supported by more than 10,000 trained employees*, Super Indo has succeeded in providing a wide range of everyday necessities

Michaels Stores

At The Michaels Companies Inc., our purpose is to fuel the joy of creativity and celebration. As the leading destination for creating and celebrating in North America, we operate over 1,300 stores in 49 states and Canada and online at Michaels.com and Michaels.ca. The Michaels Companies, Inc. also


Sears CyberSecurity News

March 23, 2026 09:00 AM
3.7M Records Exposed, Many Belonging to Sears Home Services

Cybersecurity Researcher Jeremiah Fowler discovered three different publicly exposed databases containing 3.7 million records,...

March 20, 2026 03:57 PM
In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting

Vulnerabilities found in KVM devices, Claudy Day Claude vulnerabilities, and The Gentlemen ransomware group.

March 19, 2026 11:21 PM
Misconfigured AI bot databases leak millions of Sears Home Services customer records | brief | SC Media

Cybernews reports that major U.S. appliance repair provider Sears Home Services had nearly 3.7 million customer service records from 2024 to...

March 17, 2026 04:50 PM
Data Leak Exposes Millions of Sears Home Services Customer Records

A major cybersecurity incident has exposed sensitive customer data linked to Sears Home Services, according to findings by ExpressVPN.

March 17, 2026 07:00 AM
Sears AI chatbot chats and audio files found exposed online

Despite having only five remaining retail outlets, Sears still has an active and widely used Home Services division, complete with an AI...

October 18, 2025 07:00 AM
Professors secure $740k grant for cybersecurity research with U.S. Air Force

Three Angelo State University math professors have received a $740060 grant from the U.S. Air Force Office of Scientific Research to study...

August 28, 2025 07:00 AM
Lierman balks at $300 million IT contract over competition, transparency concerns

The Board of Public works approved a $300 million IT contract Wednesday despite concerns from Comptroller Brooke Lierman about transparency...

July 02, 2025 07:00 AM
Sears blasts Spanberger for being a ‘socialist’

Winsome Earle Sears, the Republican candidate for governor, accused her opponent, Abigail Spanberger, of being a socialist, saying,...

April 19, 2025 07:00 AM
Auditor: Information Technology department has yet to implement earlier report recommendations

Officials at the state Department of Information Technology pushed back on a new audit that raises questions about how much progress has...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Sears CyberSecurity History Information

Official Website of Sears

The official website of Sears is https://bit.ly/3UZDRRX.

Sears’s AI-Generated Cybersecurity Score

According to Rankiteo, Sears’s AI-generated cybersecurity score is 718, reflecting their Moderate security posture.

How many security badges does Sears have ?

According to Rankiteo, Sears currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Sears been affected by any supply chain cyber incidents ?

According to Rankiteo, Sears has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Sears have SOC 2 Type 1 certification ?

According to Rankiteo, Sears is not certified under SOC 2 Type 1.

Does Sears have SOC 2 Type 2 certification ?

According to Rankiteo, Sears does not hold a SOC 2 Type 2 certification.

Does Sears comply with GDPR ?

According to Rankiteo, Sears is not listed as GDPR compliant.

Does Sears have PCI DSS certification ?

According to Rankiteo, Sears does not currently maintain PCI DSS compliance.

Does Sears comply with HIPAA ?

According to Rankiteo, Sears is not compliant with HIPAA regulations.

Does Sears have ISO 27001 certification ?

According to Rankiteo, Sears is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Sears

Sears operates primarily in the Retail industry.

Number of Employees at Sears

Sears employs approximately 27,172 people worldwide.

Subsidiaries Owned by Sears

Sears presently has no subsidiaries across any sectors.

Sears’s LinkedIn Followers

Sears’s official LinkedIn profile has approximately 203,220 followers.

NAICS Classification of Sears

Sears is classified under the NAICS code 43, which corresponds to Retail Trade.

Sears’s Presence on Crunchbase

No, Sears does not have a profile on Crunchbase.

Sears’s Presence on LinkedIn

Yes, Sears maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/sears.

Cybersecurity Incidents Involving Sears

As of April 02, 2026, Rankiteo reports that Sears has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Sears has an estimated 15,730 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Sears ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.

How does Sears detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through containment measures, with databases secured after notification.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Sears Holdings Data Breach

Description: The Washington State Office of the Attorney General reported a data breach by Sears Holdings on April 24, 2018. The breach occurred from September 27, 2017, to October 12, 2017, affecting 2,373 individuals in Washington, with compromised information including names and payment card information due to a cyberattack involving malicious script inserted by an unauthorized individual.

Date Detected: 2018-04-24

Date Publicly Disclosed: 2018-04-24

Type: Data Breach

Attack Vector: Malicious Script

Vulnerability Exploited: Insertion of malicious script

Threat Actor: Unauthorized Individual

Incident : Data Exposure

Title: Sears Home Services AI Chatbot Exposed Millions of Customer Conversations

Description: Security researcher Jeremiah Fowler uncovered a major data exposure involving Sears Home Services, the largest appliance repair provider in the U.S. Three unsecured databases containing 3.7 million chat logs, 1.4 million audio files, and text transcripts were left publicly accessible online. The exposed data included customer interactions with 'Samantha,' Sears’ AI virtual assistant, revealing personal details such as names, phone numbers, home addresses, appliance information, and repair appointment schedules. Audio recordings captured ambient conversations beyond intended customer service calls, raising significant privacy risks.

Date Detected: 2025-02-early

Type: Data Exposure

Attack Vector: Unsecured Database

Vulnerability Exploited: Misconfigured Database Access Controls

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Malicious Script.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach SEA949072525

Data Compromised: Names, Payment card information

Payment Information Risk: True

Incident : Data Exposure SEASEA1773750849

Data Compromised: 3.7 million chat logs, 1.4 million audio files, text transcripts

Systems Affected: AI virtual assistant ('Samantha'), kAIros technology

Brand Reputation Impact: High

Legal Liabilities: Potential

Identity Theft Risk: High

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Payment Card Information, Chat Logs, Audio Recordings and Text Transcripts.

Which entities were affected by each incident ?

Incident : Data Breach SEA949072525

Entity Name: Sears Holdings

Entity Type: Retail

Industry: Retail

Location: Washington

Customers Affected: 2373

Incident : Data Exposure SEASEA1773750849

Entity Name: Sears Home Services

Entity Type: Corporation

Industry: Home Appliance Repair

Location: U.S.

Size: Large (7 million repairs annually)

Customers Affected: Millions

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Exposure SEASEA1773750849

Containment Measures: Databases secured after notification

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach SEA949072525

Type of Data Compromised: Names, Payment card information

Number of Records Exposed: 2373

Sensitivity of Data: High

Incident : Data Exposure SEASEA1773750849

Type of Data Compromised: Chat logs, Audio recordings, Text transcripts

Number of Records Exposed: 5.1 million (3.7M chat logs + 1.4M audio files)

Sensitivity of Data: High (PII, home addresses, appliance details, repair schedules, ambient audio)

File Types Exposed: Audio (.mp3/.wav), Text

Personally Identifiable Information: Names, Phone numbers, Home addresses

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through databases secured after notification.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Exposure SEASEA1773750849

Regulations Violated: Potential GDPR (if EU customers affected), Potential CCPA

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Exposure SEASEA1773750849

Lessons Learned: Vulnerabilities in AI-driven customer service systems can lead to significant data exposure if security safeguards are overlooked. Cost-saving measures must not compromise data protection.

What recommendations were made to prevent future incidents ?

Incident : Data Exposure SEASEA1773750849

Recommendations: Implement strict access controls for databases, Regular security audits, Limit audio recording duration to intended interactions, Enhance monitoring for unauthorized access, Ensure compliance with data protection regulations

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Vulnerabilities in AI-driven customer service systems can lead to significant data exposure if security safeguards are overlooked. Cost-saving measures must not compromise data protection.

References

Where can I find more information about each incident ?

Incident : Data Breach SEA949072525

Source: Washington State Office of the Attorney General

Date Accessed: 2018-04-24

Incident : Data Exposure SEASEA1773750849

Source: Jeremiah Fowler (Security Researcher)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Washington State Office of the Attorney General (Date Accessed: 2018-04-24) and Jeremiah Fowler (Security Researcher).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Exposure SEASEA1773750849

Investigation Status: Partially resolved (databases secured, but exposure duration unclear)

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach SEA949072525

Entry Point: Malicious Script

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach SEA949072525

Root Causes: Insertion of malicious script by an unauthorized individual

Incident : Data Exposure SEASEA1773750849

Root Causes: Misconfigured database access controls, lack of security oversight for AI systems

Corrective Actions: Databases secured, but further measures needed to prevent recurrence

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Databases secured, but further measures needed to prevent recurrence.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was an Unauthorized Individual.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2018-04-24.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2018-04-24.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Names, Payment Card Information, 3.7 million chat logs, 1.4 million audio files and text transcripts.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was: Databases secured after notification.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were 3.7 million chat logs, 1.4 million audio files, text transcripts, Names and Payment Card Information.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 5.1M.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Vulnerabilities in AI-driven customer service systems can lead to significant data exposure if security safeguards are overlooked. Cost-saving measures must not compromise data protection.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Regular security audits, Limit audio recording duration to intended interactions, Ensure compliance with data protection regulations, Implement strict access controls for databases and Enhance monitoring for unauthorized access.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Washington State Office of the Attorney General and Jeremiah Fowler (Security Researcher).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Partially resolved (databases secured, but exposure duration unclear).

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was a Malicious Script.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Insertion of malicious script by an unauthorized individual, Misconfigured database access controls, lack of security oversight for AI systems.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Databases secured, but further measures needed to prevent recurrence.


Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=sears' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
