Brown, Lisle/Cummings
Last Update: 2025-12-05
Between 700 and 749
None
NAICS: 52
NAICS Definition: Finance and Insurance
Employees: 13
Subsidiaries: 0
12-month incidents
0
Known data breaches
1
Attack type number
1
Comparison Overview
Brown, Lisle/Cummings
VS
Morningstar
Morningstar
Last Update: 2025-12-09
Between 750 and 799
Morningstar, Inc. is a leading provider of independent investment insights in North America, Europe, Australia, and Asia. The Company offers an extensive line of products and services for individual investors, financial advisors, asset managers and owners, retirement plan providers and sponsors, institutional investors in the debt and private capital markets, and alliances and redistributors. Morningstar provides data and research insights on a wide range of investment offerings, including managed investment products, publicly listed companies, private capital markets, debt securities, and real-time global market data. Morningstar also offers investment management services through its investment advisory subsidiaries, with approximately $352 billion in AUMA as of June 30, 2025. The Company operates through wholly-owned subsidiaries in 32 countries.
NAICS: 52
NAICS Definition: Finance and Insurance
Employees: 11,633
Subsidiaries: 11
12-month incidents
0
Known data breaches
0
Attack type number
0
Compliance Badges Comparison
Security & Compliance Standards Overview
Brown, Lisle/Cummings
ISO 27001
Not verified
SOC2 Type 1
Not verified
SOC2 Type 2
Not verified
GDPR
Not verified
PCI DSS
Not verified
HIPAA
Not verified
Morningstar
ISO 27001
Not verified
SOC2 Type 1
Not verified
SOC2 Type 2
Not verified
GDPR
Not verified
PCI DSS
Not verified
HIPAA
Not verified
Compliance Summary
Brown, Lisle/Cummings
100%
Compliance Rate
0/4 Standards Verified
Morningstar
0%
Compliance Rate
0/4 Standards Verified
Benchmark & Cyber Underwriting Signals
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for Brown, Lisle/Cummings in 2025.
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for Morningstar in 2025.
Incident History — Brown, Lisle/Cummings (X = Date, Y = Severity)
Brown, Lisle/Cummings cyber incidents detection timeline including parent company and subsidiaries
Incident History — Morningstar (X = Date, Y = Severity)
Morningstar cyber incidents detection timeline including parent company and subsidiaries
Notable Incidents
Last 3 Security & Risk Events by Company
Brown, Lisle/Cummings
Incidents
Morningstar
Incidents
No Incident
FAQ
Morningstar company demonstrates a stronger AI Cybersecurity Score compared to Brown, Lisle/Cummings company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.
Brown, Lisle/Cummings company has historically faced a number of disclosed cyber incidents, whereas Morningstar company has not reported any.
In the current year, Morningstar company and Brown, Lisle/Cummings company have not reported any cyber incidents.
Neither Morningstar company nor Brown, Lisle/Cummings company has reported experiencing a ransomware attack publicly.
Brown, Lisle/Cummings company has disclosed at least one data breach, while the other Morningstar company has not reported such incidents publicly.
Neither Morningstar company nor Brown, Lisle/Cummings company has reported experiencing targeted cyberattacks publicly.
Neither Brown, Lisle/Cummings company nor Morningstar company has reported experiencing or disclosing vulnerabilities publicly.
Neither Brown, Lisle/Cummings nor Morningstar holds any compliance certifications.
Neither company holds any compliance certifications.
Morningstar company has more subsidiaries worldwide compared to Brown, Lisle/Cummings company.
Morningstar company employs more people globally than Brown, Lisle/Cummings company, reflecting its scale as a Financial Services.
Neither Brown, Lisle/Cummings nor Morningstar holds SOC 2 Type 1 certification.
Neither Brown, Lisle/Cummings nor Morningstar holds SOC 2 Type 2 certification.
Neither Brown, Lisle/Cummings nor Morningstar holds ISO 27001 certification.
Neither Brown, Lisle/Cummings nor Morningstar holds PCI DSS certification.
Neither Brown, Lisle/Cummings nor Morningstar holds HIPAA certification.
Neither Brown, Lisle/Cummings nor Morningstar holds GDPR certification.
Latest Global CVEs (Not Company-Specific)
Description
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
- https://github.com/Enalean/tuleap/commit/71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f2xv-x3g6-4j9p
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4
- https://tuleap.net/plugins/tracker/?aid=45618
Description
Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
- https://github.com/Enalean/tuleap/commit/1734a7bb2964042310ddc3f6dd7b4c82eee27526
- https://github.com/Enalean/tuleap/security/advisories/GHSA-9h47-jg7r-ww7x
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=1734a7bb2964042310ddc3f6dd7b4c82eee27526
- https://tuleap.net/plugins/tracker/?aid=45592
Description
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
- https://github.com/Enalean/tuleap/commit/993316dd6a291bb3937cb7a4571eaab0e7d55370
- https://github.com/Enalean/tuleap/security/advisories/GHSA-vxfh-h8p6-p5rg
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=993316dd6a291bb3937cb7a4571eaab0e7d55370
- https://tuleap.net/plugins/tracker/?aid=45593
Description
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
- https://github.com/Enalean/tuleap/commit/403eb69f4cfafe52254c8f9bdbe66e1fedadc254
- https://github.com/Enalean/tuleap/security/advisories/GHSA-v6vm-6rxf-7p2v
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=403eb69f4cfafe52254c8f9bdbe66e1fedadc254
- https://tuleap.net/plugins/tracker/?aid=45583
Description
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
