SDM
Company Details
Linkedin ID:
shoppers-drug-mart
Website:
Employees number:
31,984
Number of followers:
211,309
NAICS:
43
Industry Type:
Homepage:
shoppersdrugmart.ca
IP Addresses:
0
Company ID:
SHO_2418665
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Shoppers Drug Mart Vendor Cyber Rating & Cyber Score
shoppersdrugmart.caBuilt on a foundation of professional expertise and personal service, Shoppers Drug Mart has been meeting Canadians' health care needs for 50 years. What was once a small pharmacy in Toronto has grown into an organization of over 1,200 stores from coast to coast, becoming an indelible part of the lives of Canadians, young and old. Yet despite our growth, we have never forgotten our origins. We have always remained true to our belief that the personal satisfaction of each and every customer is at the root of our success - and it can only be ensured by the commitment of people who realize that success is built one customer at a time.
Shoppers Drug Mart A.I CyberSecurity Scoring
SDM Risk Score (AI oriented)Between 650 and 699
SDM
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SDM Global Score (TPRM)XXXX
SDM
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SDM Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
OracleShoppers Drug Mart, President’s Choice, Loblaw, No Frills and PC Optimum: “Threat Actor” on the dark web claims Loblaw’s “low-level” data breach is a much larger threat
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Loblaw Faces Alleged Massive Data Breach as Threat Actor Demands Response A threat actor operating under the handle *"igotafeeling"* on the *DarkWeb Informer* forum has claimed to have breached Loblaw, Canada’s largest food and pharmacy retailer, which owns brands like *President’s Choice, No Frills, Shoppers Drug Mart, Real Canadian Superstore*, and the *PC Optimum* loyalty program. The actor alleges possession of over 1.8 billion records, including: - 75.1 million Salesforce customer records (names, emails, phone numbers, addresses, loyalty IDs, and health card numbers) - 724.9 million Shoppers Drug Mart records (passwords, tokens, loyalty IDs, payment details, and full credit card numbers with expiry dates) - 129.9 million pharmacy fill requests (prescription numbers and patient IDs) - 120.4 million e-commerce fraud-feed records (payment card BINs, last-four digits, and expiry dates) - 20.2 million Delivery Ops Portal records (orders, deliveries, and postal codes) - 3,014 GitLab projects containing Loblaw’s full source code - 19.3 million Oracle identity records (MFA device details and credentials) - 55.3 million marketing and email records across 673 tables The threat actor has given Loblaw until March 19 to respond, accusing the company of *"ghosting"* them and dismissing customer and investor concerns. They have also invited media organizations to verify the data’s authenticity. In response, Loblaw issued a March 12 press release, labeling the incident a *"low-level data breach"* and stating that only *"basic customer information"* (names, phone numbers, and emails) may have been accessed. The company explicitly denied evidence of financial or credit card data compromise directly contradicting the threat actor’s claims. While the breach remains unverified, the scale of the alleged exposure if confirmed would rank among the largest in Canadian history. The situation mirrors past high-profile breaches (e.g., *T-Mobile, Equifax, Capital One*), where initial corporate statements downplayed impact before later revelations proved otherwise. Loblaw customers with *PC Optimum accounts, Shoppers Drug Mart loyalty cards, or prescription histories* may be affected if the claims hold true. The deadline for Loblaw’s response is six days away.
Loblaw Companies Limited, Shoppers Drug Mart and No Frills: Loblaw investigates data breach after identifying suspicious activity
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Loblaw Investigates Data Breach Following Suspicious Activity Loblaw Companies Limited, one of Canada’s largest grocery and pharmacy retailers, is investigating a potential data breach after detecting suspicious activity within its systems. The company confirmed the incident but has not disclosed specific details about the nature of the breach, the number of affected customers, or whether personal or financial data was compromised. The investigation comes as cybersecurity threats targeting retailers continue to rise, with attackers often seeking payment card information, customer records, or access to corporate networks. Loblaw operates major brands, including Shoppers Drug Mart, Real Canadian Superstore, and No Frills, serving millions of Canadians. While the company has not provided a timeline for the incident, data breaches in the retail sector typically prompt heightened monitoring for fraudulent transactions and potential regulatory scrutiny. The outcome of Loblaw’s investigation may determine whether affected individuals will be notified or offered credit monitoring services. The incident underscores the ongoing risks faced by large retailers, which remain prime targets for cybercriminals due to the vast amounts of sensitive data they handle. Further updates are expected as the investigation progresses.
SDM Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SDM
Incidents vs Retail Industry Average (This Year)
Shoppers Drug Mart has 50.0% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Shoppers Drug Mart has 13.79% fewer incidents than the average of all companies with at least one recorded incident.
Incident Types SDM vs Retail Industry Avg (This Year)
Shoppers Drug Mart reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — SDM (X = Date, Y = Severity)
SDM cyber incidents detection timeline including parent company and subsidiaries
SDM Company Subsidiaries
Built on a foundation of professional expertise and personal service, Shoppers Drug Mart has been meeting Canadians' health care needs for 50 years. What was once a small pharmacy in Toronto has grown into an organization of over 1,200 stores from coast to coast, becoming an indelible part of the lives of Canadians, young and old. Yet despite our growth, we have never forgotten our origins. We have always remained true to our belief that the personal satisfaction of each and every customer is at the root of our success - and it can only be ensured by the commitment of people who realize that success is built one customer at a time.
Loading...
SDM Similar Companies
Speedway
Speedway operates across the U.S., predominately in the Midwest and East Coast. In May 2021, 7-Eleven acquired 3,800 Speedway Stores from Marathon Petroleum Corp., increasing 7-Eleven’s total number of stores to more than 13,000 in the U.S. and Canada and allowing 7-Eleven to bring convenience to mo
Somos Supermercados Peruanos S.A. (SPSA), la cadena más grande de supermercados en Perú, orgullosos de ser 100% capital peruano y pertenecer al Grupo Intercorp. Tenemos más de 400 tiendas a nivel nacional y 4 formatos: - PlazaVea, nuestra marca líder en recordación y participación de mercado. -
Five Below
At Five Below our growth is a result of the people who embrace our purpose: We know life is way better when you are free to Let Go & Have Fun in an amazing experience, filled with unlimited possibilities, priced so low, you can always say yes to the newest, coolest stuff! Just ask any of our over 27
Grupo Carrefour Brasil
Reunimos uma equipe com mais de 70.000 colaboradores que representam a diversidade deste país. Hoje, somos um dos maiores empregadores do Brasil. Junto com os nossos fornecedores e parceiros, estamos comprometidos em satisfazer e encantar os consumidores todos os dias, construindo a nossa história c
Albertsons Companies is one of the largest food and drug retailers in the United States, with over 2,200 stores in 34 states and the District of Columbia. Our well-known banners include Albertsons, Safeway, Vons, Jewel-Osco, Shaw's, Acme, Tom Thumb, Randalls, United Supermarkets, Pavilions, Star Mar
DMart - Avenue Supermarts Ltd
“DMart is a one-stop supermarket chain that aims to offer customers a wide range of basic home and personal products under one roof. Each DMart store stocks home utility products - including food, toiletries, beauty products, garments, kitchenware, bed and bath linen, home appliances and more - avai
Woolworths offers a unique blend of food, fashion, beauty and homeware. Since 1931, we’ve found ways to do better, think bigger, inspire more, care more. As we continue to innovate and evolve, our commitment to quality will never change. Woolies Exceptional Quality™ is the driving force of every d
Landmark Group
For over five decades, Landmark Group has shaped the region’s retail and hospitality landscape-growing from a single store in Bahrain to one of the largest and most successful omnichannel and hospitality groups across the Middle East, Asia and Africa. Rooted in purpose and powered by innovation, we
Grupo Dia
With more than 40 years history, Grupo DIA is a Spanish multinational in the food, drugstore, beauty and health distribution sector. DIA arrived with the commitment to respond to the needs of all families, offering quality at the best price through a wide network of local shops. Since then, our eff
.png)
SDM CyberSecurity News
March 15, 2026 07:00 AM
Loblaw Data Breach Impacts Customer Information
Canadian retailer Loblaw has disclosed a data breach after threat actors gained access to customer information.
March 15, 2026 07:00 AM
Loblaw Companies Stock (ISIN: CA5394811015) Faces Cybersecurity Scrutiny Amid Valuation Debate
Loblaw Companies stock (ISIN: CA5394811015) trades at CA$63.32 as a recent cybersecurity breach raises concerns, yet analysts see...
January 28, 2026 08:00 AM
'I know I didn't redeem those': Windsor man wonders about missing Petro-Points
Harvey Lemire of Windsor says $140 worth of his Petro-Points were redeemed at locations he doesn't recognize. He's advising people to check...
November 08, 2025 08:00 AM
CityHousing Hamilton Reports $1.7-Million Surplus, Falling $4 Million Short of Surplus Target
CityHousing Hamilton (CHH), the City of Hamilton's social housing agency, reported a net surplus of $1,690,867 for 2024,...
April 29, 2024 07:00 AM
London Drugs customers in Edmonton concerned after 'cybersecurity incident'
London Drugs locations in Alberta and throughout western Canada are closed Monday after what the company described as a "cybersecurity...
December 13, 2022 08:00 AM
B.C. man shocked after $700 drained from his Walmart gift cards
With the gift-giving season upon us, two shoppers share their gift card scam stories to warn others what to watch out for.
March 30, 2020 07:00 AM
Email, text message attacks surge during COVID-19 crisis
Cybersecurity experts describe it as a perfect storm: employees working from home — away from their firm's IT experts and sometimes without...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SDM CyberSecurity History Information
Official Website of Shoppers Drug Mart
The official website of Shoppers Drug Mart is http://www.shoppersdrugmart.ca.
Shoppers Drug Mart’s AI-Generated Cybersecurity Score
According to Rankiteo, Shoppers Drug Mart’s AI-generated cybersecurity score is 673, reflecting their Weak security posture.
How many security badges does Shoppers Drug Mart’ have ?
According to Rankiteo, Shoppers Drug Mart currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Shoppers Drug Mart been affected by any supply chain cyber incidents ?
According to Rankiteo, Shoppers Drug Mart has been affected by a supply chain cyber incident involving Oracle, with the incident ID NO-SHOPRELOB1773534483.
Does Shoppers Drug Mart have SOC 2 Type 1 certification ?
According to Rankiteo, Shoppers Drug Mart is not certified under SOC 2 Type 1.
Does Shoppers Drug Mart have SOC 2 Type 2 certification ?
According to Rankiteo, Shoppers Drug Mart does not hold a SOC 2 Type 2 certification.
Does Shoppers Drug Mart comply with GDPR ?
According to Rankiteo, Shoppers Drug Mart is not listed as GDPR compliant.
Does Shoppers Drug Mart have PCI DSS certification ?
According to Rankiteo, Shoppers Drug Mart does not currently maintain PCI DSS compliance.
Does Shoppers Drug Mart comply with HIPAA ?
According to Rankiteo, Shoppers Drug Mart is not compliant with HIPAA regulations.
Does Shoppers Drug Mart have ISO 27001 certification ?
According to Rankiteo,Shoppers Drug Mart is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Shoppers Drug Mart
Shoppers Drug Mart operates primarily in the Retail industry.
Number of Employees at Shoppers Drug Mart
Shoppers Drug Mart employs approximately 31,984 people worldwide.
Subsidiaries Owned by Shoppers Drug Mart
Shoppers Drug Mart presently has no subsidiaries across any sectors.
Shoppers Drug Mart’s LinkedIn Followers
Shoppers Drug Mart’s official LinkedIn profile has approximately 211,309 followers.
NAICS Classification of Shoppers Drug Mart
Shoppers Drug Mart is classified under the NAICS code 43, which corresponds to Retail Trade.
Shoppers Drug Mart’s Presence on Crunchbase
No, Shoppers Drug Mart does not have a profile on Crunchbase.
Shoppers Drug Mart’s Presence on LinkedIn
Yes, Shoppers Drug Mart maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/shoppers-drug-mart.
Cybersecurity Incidents Involving Shoppers Drug Mart
As of April 02, 2026, Rankiteo reports that Shoppers Drug Mart has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Shoppers Drug Mart has an estimated 15,730 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Shoppers Drug Mart ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Shoppers Drug Mart detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with press release downplaying the breach and denying financial data compromise..
Incident Details
Can you provide details on each incident ?
Title: Loblaw Investigates Data Breach Following Suspicious Activity
Description: Loblaw Companies Limited, one of Canada’s largest grocery and pharmacy retailers, is investigating a potential data breach after detecting suspicious activity within its systems. The company confirmed the incident but has not disclosed specific details about the nature of the breach, the number of affected customers, or whether personal or financial data was compromised.
Type: Data Breach
Title: Alleged Massive Data Breach at Loblaw
Description: A threat actor operating under the handle 'igotafeeling' on the DarkWeb Informer forum has claimed to have breached Loblaw, Canada’s largest food and pharmacy retailer. The actor alleges possession of over 1.8 billion records, including customer data, pharmacy records, payment details, and source code. Loblaw has labeled the incident a 'low-level data breach' and denied evidence of financial or credit card data compromise.
Date Publicly Disclosed: 2024-03-12
Type: Data Breach
Threat Actor: igotafeeling
Motivation: Extortion (response demanded by March 19)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach NO-SHOPRELOB1773534483
Data Compromised: Over 1.8 billion records allegedly exposed
Systems Affected: SalesforceShoppers Drug Mart systemsGitLab projectsOracle identity systemsE-commerce platforms
Brand Reputation Impact: Potential significant impact if claims are verified
Identity Theft Risk: High (health card numbers, prescription IDs, PII)
Payment Information Risk: High (full credit card numbers with expiry dates)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data, Financial Data, , Customer Records (Names, Emails, Phone Numbers, Addresses, Loyalty Ids), Health Card Numbers, Pharmacy Fill Requests (Prescription Numbers, Patient Ids), Payment Details (Full Credit Card Numbers With Expiry Dates, Bins, Last-Four Digits), Source Code (Gitlab Projects), Mfa Device Details And Credentials (Oracle Identity Records), Marketing And Email Records and .
Which entities were affected by each incident ?
Incident : Data Breach LOBSHONO-1773196440
Entity Name: Loblaw Companies Limited
Entity Type: Retailer
Industry: Grocery and Pharmacy
Location: Canada
Size: Large
Incident : Data Breach NO-SHOPRELOB1773534483
Entity Name: Loblaw Companies Limited
Entity Type: Retailer / Pharmacy
Industry: Retail, Grocery, Pharmacy, Loyalty Programs
Location: Canada
Size: Large (Canada’s largest food and pharmacy retailer)
Customers Affected: Potentially millions (PC Optimum, Shoppers Drug Mart, prescription users)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach NO-SHOPRELOB1773534483
Communication Strategy: Press release downplaying the breach and denying financial data compromise
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach LOBSHONO-1773196440
Type of Data Compromised: Personal data, Financial data
Incident : Data Breach NO-SHOPRELOB1773534483
Type of Data Compromised: Customer records (names, emails, phone numbers, addresses, loyalty ids), Health card numbers, Pharmacy fill requests (prescription numbers, patient ids), Payment details (full credit card numbers with expiry dates, bins, last-four digits), Source code (gitlab projects), Mfa device details and credentials (oracle identity records), Marketing and email records
Number of Records Exposed: 1.8 billion (alleged)
Sensitivity of Data: High (PII, financial data, health information, source code)
Data Exfiltration: Alleged (data sold on dark web if claims are true)
Personally Identifiable Information: Yes (names, emails, phone numbers, addresses, health card numbers, prescription IDs)
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach NO-SHOPRELOB1773534483
Data Exfiltration: Alleged
References
Where can I find more information about each incident ?
Incident : Data Breach LOBSHONO-1773196440
Source: Cyber Incident Description
Incident : Data Breach NO-SHOPRELOB1773534483
Source: DarkWeb Informer forum (threat actor 'igotafeeling')
Incident : Data Breach NO-SHOPRELOB1773534483
Source: Loblaw Press Release (March 12)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Cyber Incident Description, and Source: DarkWeb Informer forum (threat actor 'igotafeeling'), and Source: Loblaw Press Release (March 12).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach LOBSHONO-1773196440
Investigation Status: Ongoing
Incident : Data Breach NO-SHOPRELOB1773534483
Investigation Status: Unverified (allegations under scrutiny)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Press release downplaying the breach and denying financial data compromise.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach NO-SHOPRELOB1773534483
Customer Advisories: Loblaw customers with PC Optimum accounts, Shoppers Drug Mart loyalty cards, or prescription histories advised to monitor for potential fraud
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Loblaw customers with PC Optimum accounts, Shoppers Drug Mart loyalty cards and or prescription histories advised to monitor for potential fraud.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an igotafeeling.
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-03-12.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Over 1.8 billion records allegedly exposed.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was SalesforceShoppers Drug Mart systemsGitLab projectsOracle identity systemsE-commerce platforms.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Over 1.8 billion records allegedly exposed.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.8B.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Loblaw Press Release (March 12), DarkWeb Informer forum (threat actor 'igotafeeling') and Cyber Incident Description.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Loblaw customers with PC Optimum accounts, Shoppers Drug Mart loyalty cards and or prescription histories advised to monitor for potential fraud.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=shoppers-drug-mart' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
