The University of Pennsylvania is one of the oldest universities in America and, as a member of the Ivy League, one of the most prestigious institutions of higher learning in all the world. Penn is home to 12 schools including the School of Arts and Sciences, the School of Nursing, the School of Engineering and Applied Science and the Wharton School of Business, as well as several graduate and professional schools such as the Perelman School of Medicine.

University of Pennsylvania A.I CyberSecurity Scoring

Company Details

LinkedIn ID: university-of-pennsylvania
Number of employees: 22,599
Number of followers: 579,397
NAICS: 6113
Industry Type: Higher Education
Homepage: upenn.edu
IP Addresses: 1047
Company ID: UNI_5783928
Scan Status: Completed

UP Risk Score (AI oriented): Between 650 and 699

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate premiums
UP Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 1
University of Pennsylvania confirms new data breach after Oracle hack
Breach
Severity: 85
Impact: 4
Seen: 8/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The University of Pennsylvania (Penn) has announced a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. The private Ivy League research university was founded in 1740 and has 5,827 faculty members and 29,109 students, with an 8:1 student-to-faculty ratio. It also has an academic operating budget of $4.7 billion and an endowment of $24.8 billion as of June 30, 2025. The University of Pennsylvania disclosed another breach in late October 2025, after a hacker compromised internal systems and stole data on Penn's development and alumni activities. The attacker claimed they exfiltrated personal information belonging to roughly 1.2 million students, alumni, and donors. In recent weeks, other Ivy League schools have been targeted by a series of voice phishing attacks, with Harvard University and Princeton University also reporting that a hacker breached systems used for development and alumni activities to steal the personal information of students, alumni, donors, staff, and faculty.

Penn's Oracle EBS breach

In a breach notification letter filed with the office of Maine's Attorney General this week, Penn noted that the attackers exploited a previously unknown security vulnerability in the Oracle E-Business Suite (EBS) financial application (also known as a zero-day flaw) to steal the personal information belonging to 1,488 individuals. However, the number of people potentially impacted by the i

University of Pennsylvania (Penn)
Breach
Severity: 85
Impact: 4
Seen: 5/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The University of Pennsylvania (Penn) suffered a cybersecurity breach in which an unauthorized individual infiltrated its network and potentially exfiltrated personally identifiable information (PII) of over one million donors. The compromised data includes donation histories, donor net worth, and demographic details, though the full scope of misuse remains under investigation. The incident has prompted a class-action investigation by Lynch Carpenter, LLP, a national law firm specializing in data privacy litigation, suggesting significant legal and reputational risks for Penn. Affected individuals may be eligible for compensation, indicating potential financial liabilities for the institution. The breach underscores vulnerabilities in Penn’s cybersecurity defenses, particularly in safeguarding high-value donor data, which could erode trust among stakeholders and donors. The long-term impact may include regulatory scrutiny, operational disruptions, and costs associated with remediation, notification, and legal settlements.

Underwriter Stats for UP

Incidents vs Higher Education Industry Average (This Year)

No incidents recorded for University of Pennsylvania in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for University of Pennsylvania in 2026.

Incident Types UP vs Higher Education Industry Avg (This Year)

No incidents recorded for University of Pennsylvania in 2026.

Incident History — UP (X = Date, Y = Severity)

UP cyber incidents detection timeline including parent company and subsidiaries

UP Similar Companies

New York University

Founded in 1831, NYU is one of the world’s foremost research universities and is a member of the selective Association of American Universities. The first Global Network University, NYU has degree-granting university campuses in New York and Abu Dhabi, and has announced a third in Shanghai; has a do

Cairo University

A comprehensive institution of higher learning located in Giza, Egypt, is committed to preparing students for the challenges of a rapidly changing workplace. Through interactive learning and new information technologies, our graduates are poised to enter the work force with the skills needed to

University of South Florida

The University of South Florida, a high-impact research university dedicated to student success and committed to community engagement, generates an annual economic impact of more than $6 billion. With campuses in Tampa, St. Petersburg and Sarasota-Manatee, USF serves approximately 50,000 students wh

The University of Queensland

For more than a century, The University of Queensland (UQ) has maintained a global reputation for delivering knowledge leadership for a better world. The most prestigious and widely recognised rankings of world universities consistently place UQ among the world's top universities. UQ has also wo

University of Oklahoma

Attracting top students from across the nation and more than 100 countries around the world, OU provides a major university experience in a private college atmosphere. In fact, OU is number one in the nation in the number of National Merit Scholars enrolled at a public university, and is in the top

The University of Georgia

The University of Georgia, a land-grant and sea-grant university with state-wide commitments and responsibilities, is the state's flagship institution of higher education. It is also the state's oldest, most comprehensive and most diversified institution of higher education. Its motto, "to teach, to

Florida International University

FIU is Miami's public research university. Offering bachelor's, master's and doctoral degrees, both on campus and fully online. Designated a Preeminent State Research University, FIU emphasizes research as a major component in the university's mission. For more than 50 years, FIU has positioned

University of Missouri System

The University of Missouri System has provided teaching, research and service to Missouri and the nation since 1839. The university was the first publicly supported institution of higher education established in the Louisiana Purchase territory. Its philosophy of education was shaped in accordance

Texas Tech University

A new era of excellence is dawning at Texas Tech University as it stands on the cusp of being one of the nation's premier research institutions. Research and enrollment numbers are at record levels, which cement Texas Tech's commitment to attracting and retaining quality students. In fall 2020, th

UP CyberSecurity News

February 10, 2026 08:00 AM
Penn data leaked after University refused to pay $1 million ransom, hacker group says

After the ransom went unpaid, the hackers surfaced online to take credit for the attack and set the record straight.

February 09, 2026 08:00 AM
Michael Hicks on Building Safer Software and a Better Practices in Cybersecurity

In the News / February 9, 2026. Share: Author: Melissa Pappas. When Michael Hicks, the Cecilia Fitler Moore Professor in Computer and Information Science,...

February 08, 2026 08:00 AM
Hackers Leak Over Two Million Records After Harvard, UPenn Refuse Ransom

Hackers leak over two million records after Harvard and UPenn refuse ransom, escalating phishing-led breaches into a major alumni data...

February 05, 2026 08:00 AM
New files leaked in data breach show how Penn tracked years of donor activity

A cache of confidential University files released by the cybercrime group ShinyHunters appears to contain never-before-seen donor records...

February 05, 2026 08:00 AM
Personal data stolen during Harvard and UPenn data breaches leaked online

ShinyHunters leaked over one million records stolen from Harvard and UPenn onto their dark web site; Data includes personal details,...

February 05, 2026 08:00 AM
Hackers dump millions of stolen records in Harvard and UPenn data incidents

Extortion group ShinyHunters publicly dumped over two million records allegedly stolen from Harvard University and the University of...

February 04, 2026 08:00 AM
Cybercrime group claims responsibility for Penn email hack, leaks additional internal files

Cybercrime group ShinyHunters appears to have taken responsibility for the October 2025 data breach at Penn's Graduate School of Education...

February 04, 2026 08:00 AM
Hackers publish personal information stolen during Harvard, UPenn data breaches

The prolific cybercrime group ShinyHunters took responsibility for hacking Harvard and the University of Pennsylvania, and published the...

February 02, 2026 08:00 AM
Penn Engineering Launches New Master’s Program in Software Systems and Cybersecurity

Academics, In the News, Students / February 2, 2026. Share: Author: Ian Scheffler. The University of Pennsylvania School of Engineering and Applied Science...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

UP CyberSecurity History Information

Official Website of University of Pennsylvania

The official website of University of Pennsylvania is http://www.upenn.edu/.

University of Pennsylvania’s AI-Generated Cybersecurity Score

According to Rankiteo, University of Pennsylvania’s AI-generated cybersecurity score is 684, reflecting their Weak security posture.

How many security badges does University of Pennsylvania have ?

According to Rankiteo, University of Pennsylvania currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has University of Pennsylvania been affected by any supply chain cyber incidents ?

According to Rankiteo, University of Pennsylvania has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does University of Pennsylvania have SOC 2 Type 1 certification ?

According to Rankiteo, University of Pennsylvania is not certified under SOC 2 Type 1.

Does University of Pennsylvania have SOC 2 Type 2 certification ?

According to Rankiteo, University of Pennsylvania does not hold a SOC 2 Type 2 certification.

Does University of Pennsylvania comply with GDPR ?

According to Rankiteo, University of Pennsylvania is not listed as GDPR compliant.

Does University of Pennsylvania have PCI DSS certification ?

According to Rankiteo, University of Pennsylvania does not currently maintain PCI DSS compliance.

Does University of Pennsylvania comply with HIPAA ?

According to Rankiteo, University of Pennsylvania is not compliant with HIPAA regulations.

Does University of Pennsylvania have ISO 27001 certification ?

According to Rankiteo, University of Pennsylvania is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of University of Pennsylvania

University of Pennsylvania operates primarily in the Higher Education industry.

Number of Employees at University of Pennsylvania

University of Pennsylvania employs approximately 22,599 people worldwide.

Subsidiaries Owned by University of Pennsylvania

University of Pennsylvania presently has no subsidiaries across any sectors.

University of Pennsylvania’s LinkedIn Followers

University of Pennsylvania’s official LinkedIn profile has approximately 579,397 followers.

NAICS Classification of University of Pennsylvania

University of Pennsylvania is classified under the NAICS code 6113, which corresponds to Colleges, Universities, and Professional Schools.

University of Pennsylvania’s Presence on Crunchbase

No, University of Pennsylvania does not have a profile on Crunchbase.

University of Pennsylvania’s Presence on LinkedIn

Yes, University of Pennsylvania maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/university-of-pennsylvania.

Cybersecurity Incidents Involving University of Pennsylvania

As of April 02, 2026, Rankiteo reports that University of Pennsylvania has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

University of Pennsylvania has an estimated 15,823 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at University of Pennsylvania ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does University of Pennsylvania detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through a communication strategy of public disclosure via press release, with a legal firm (Lynch Carpenter, LLP) notifying affected individuals for potential claims, and a communication strategy of a breach notification letter filed with Maine's Attorney General.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: University of Pennsylvania Data Breach (2025)

Description: An unauthorized person gained access to the University of Pennsylvania's (Penn) network and may have acquired records containing personally identifiable information (PII) of over one million donors, including donation history, net worth, and demographic details. Lynch Carpenter, LLP is investigating potential claims related to this breach.

Date Publicly Disclosed: 2025-11-04

Type: Data Breach

Threat Actor: Unauthorized person

Incident : Data Breach

Title: University of Pennsylvania Oracle E-Business Suite Data Breach

Description: The University of Pennsylvania (Penn) announced a data breach after attackers exploited a zero-day vulnerability in its Oracle E-Business Suite (EBS) servers in August 2025, stealing personal information of 1,488 individuals. A separate breach in late October 2025 involved a hacker compromising internal systems and exfiltrating data on roughly 1.2 million students, alumni, and donors related to development and alumni activities. The incident is part of a broader series of voice phishing attacks targeting Ivy League institutions, including Harvard and Princeton.

Date Publicly Disclosed: 2025-10-late

Type: Data Breach

Attack Vector: Zero-Day Vulnerability in Oracle E-Business Suite, Voice Phishing (for broader Ivy League attacks)

Vulnerability Exploited: Unknown (zero-day) vulnerability in Oracle E-Business Suite (EBS)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The attack vectors identified in incidents are a zero-day vulnerability in Oracle EBS (August) and voice phishing (broader Ivy League attacks).

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach UNI1692816110425

Data Compromised: Donation history, Donor net worth, Demographic details

Brand Reputation Impact: Potential reputational damage due to exposure of sensitive donor information

Legal Liabilities: Lynch Carpenter, LLP is investigating claims for potential compensation; class action lawsuit possible

Identity Theft Risk: High (PII exposed)

Incident : Data Breach UNI1764684299

Data Compromised: Personal information of 1,488 individuals (August breach), Personal information of ~1.2 million students, alumni, and donors (October breach)

Systems Affected: Oracle E-Business Suite (EBS) servers, Internal systems (development and alumni activities)

Brand Reputation Impact: Potential reputational damage due to breach affecting students, alumni, and donors

Identity Theft Risk: High (personal information exposed)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Donation History, Donor Net Worth, Demographic Details, and Personal information.

Which entities were affected by each incident ?

Incident : Data Breach UNI1692816110425

Entity Name: University of Pennsylvania (Penn)

Entity Type: Educational Institution

Industry: Higher Education

Location: Philadelphia, Pennsylvania, USA

Customers Affected: 1,000,000+ (donors)

Incident : Data Breach UNI1764684299

Entity Name: University of Pennsylvania (Penn)

Entity Type: Educational Institution (Private Ivy League University)

Industry: Higher Education

Location: Philadelphia, Pennsylvania, USA

Size: 29,109 students, 5,827 faculty members

Customers Affected: 1,488 individuals (August breach); ~1.2 million students, alumni, and donors (October breach)

Incident : Data Breach UNI1764684299

Entity Name: Harvard University

Entity Type: Educational Institution (Private Ivy League University)

Industry: Higher Education

Location: Cambridge, Massachusetts, USA

Incident : Data Breach UNI1764684299

Entity Name: Princeton University

Entity Type: Educational Institution (Private Ivy League University)

Industry: Higher Education

Location: Princeton, New Jersey, USA

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach UNI1692816110425

Communication Strategy: Public disclosure via press release; legal firm (Lynch Carpenter, LLP) notified affected individuals for potential claims

Incident : Data Breach UNI1764684299

Communication Strategy: Breach notification letter filed with Maine's Attorney General

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach UNI1692816110425

Type of Data Compromised: Donation history, Donor net worth, Demographic details

Number of Records Exposed: 1,000,000+

Sensitivity of Data: High (PII, financial details)

Data Exfiltration: Possible (unauthorized access and acquisition of records)

Incident : Data Breach UNI1764684299

Type of Data Compromised: Personal information

Number of Records Exposed: 1,488 (August breach), ~1,200,000 (October breach)

Sensitivity of Data: High (personal information of students, alumni, donors, faculty, and staff)

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach UNI1764684299

Data Exfiltration: True

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach UNI1692816110425

Legal Actions: Potential class action lawsuit (under investigation by Lynch Carpenter, LLP)

Incident : Data Breach UNI1764684299

Regulatory Notifications: Maine Attorney General (breach notification letter)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Potential class action lawsuit (under investigation by Lynch Carpenter, LLP).

References

Where can I find more information about each incident ?

Incident : Data Breach UNI1692816110425

Source: GlobeNewswire Press Release

Date Accessed: 2025-11-04

Incident : Data Breach UNI1764684299

Source: University of Pennsylvania Breach Notification (Maine AG Office)

Incident : Data Breach UNI1764684299

Source: University of Pennsylvania Public Disclosure (October 2025)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: GlobeNewswire Press Release (accessed 2025-11-04), University of Pennsylvania Breach Notification (Maine AG Office), and University of Pennsylvania Public Disclosure (October 2025).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach UNI1692816110425

Investigation Status: Ongoing (Lynch Carpenter, LLP investigating claims)

Incident : Data Breach UNI1764684299

Investigation Status: Ongoing (as of late October 2025)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public disclosure via press release; legal firm (Lynch Carpenter, LLP) notified affected individuals for potential claims and Breach notification letter filed with Maine's Attorney General.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach UNI1692816110425

Stakeholder Advisories: Affected donors advised to contact Lynch Carpenter, LLP for legal review

Customer Advisories: Donors whose PII may have been compromised are encouraged to seek legal consultation via Lynch Carpenter, LLP

Incident : Data Breach UNI1764684299

Customer Advisories: Breach notification letters sent to affected individuals

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provided the following advisories to stakeholders and customers following an incident: affected donors were advised to contact Lynch Carpenter, LLP for legal review; donors whose PII may have been compromised are encouraged to seek legal consultation via Lynch Carpenter, LLP; and breach notification letters were sent to affected individuals.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach UNI1692816110425

High Value Targets: Donor Records, Financial Details

Data Sold on Dark Web: Donor Records, Financial Details

Incident : Data Breach UNI1764684299

Entry Point: Zero-Day Vulnerability in Oracle EBS (August), Voice Phishing (Broader Ivy League Attacks)

High Value Targets: Development and Alumni Activity Systems, Personal Data of Students, Alumni, and Donors

Data Sold on Dark Web: Development and Alumni Activity Systems, Personal Data of Students, Alumni, and Donors

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach UNI1764684299

Root Causes: Zero-Day Vulnerability in Oracle EBS, Potential Voice Phishing (for Broader Attacks)

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was an Unauthorized person.

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-10-late.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were donation history, donor net worth, demographic details, personal information of 1,488 individuals (August breach), and personal information of ~1.2 million students, alumni, and donors (October breach).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Oracle E-Business Suite (EBS) servers and internal systems (development and alumni activities).

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were donation history, personal information of ~1.2 million students, alumni, and donors (October breach), demographic details, donor net worth, and personal information of 1,488 individuals (August breach).

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 2.2M.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Potential class action lawsuit (under investigation by Lynch Carpenter, LLP).

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are University of Pennsylvania Public Disclosure (October 2025), GlobeNewswire Press Release and University of Pennsylvania Breach Notification (Maine AG Office).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Lynch Carpenter, LLP investigating claims).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: affected donors advised to contact Lynch Carpenter, LLP for legal review.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were: donors whose PII may have been compromised are encouraged to seek legal consultation via Lynch Carpenter, LLP, and breach notification letters sent to affected individuals.

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=university-of-pennsylvania' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
