
Booz Allen Hamilton
Whether at the border, up in space, or on the battlefield, we build the advanced technology that makes America stronger, faster, and safer. It’s who we are and what we do. It’s in our code.




UpGuard is a comprehensive cyber risk solution that combines third-party security ratings, vendor questionnaires, and threat intelligence capabilities to help businesses manage and improve their security posture.
Security & Compliance Standards Overview












No incidents recorded for Booz Allen Hamilton in 2025.
No incidents recorded for UpGuard in 2025.
Booz Allen Hamilton cyber incidents detection timeline including parent company and subsidiaries
UpGuard cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges.
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace. To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later.
OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter.
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase votes at a reduced cost. Furthermore, by modifying the zid parameter, attackers can influence purchases made by other users, amplifying the impact. This issue stems from insufficient server-side validation of these parameters, potentially leading to economic loss and unfair manipulation of vote counts.
PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execute arbitrary commands with root privileges on the underlying system.