CC
Company Details
Linkedin ID:
city-of-columbus
Website:
Employees number:
3,753
Number of followers:
15,466
NAICS:
92
Industry Type:
Homepage:
columbus.gov
IP Addresses:
0
Company ID:
CIT_9006601
Scan Status:
In-progress
City of Columbus Company CyberSecurity Posture
columbus.gov
The City of Columbus, Ohio has been called one the the best places to live, work and raise a family. The Mayor, elected officials and employees of the city government work everyday to maintain that high standard of service and quality of life for all Columbus residents, to keep Columbus neighborhoods vibrant, and to support the economic development of the entire Central Ohio region. The state legislature established Columbus as a city in 1812. The city is a home-rule municipal corporation operating under the laws of Ohio. The City Charter, its constitution, can only be amended by a majority of the city’s voters. The City of Columbus is administered by a Mayor, a seven-member City Council, the City Auditor and City Attorney. These officials are all elected for four-year terms on an at-large basis. The Mayor and four Council members are elected in an odd numbered year. Three Council members, the City Auditor, and the City Attorney are elected in the following odd numbered year. The Charter provides for appointments and elections of successors to these officials if they should, for any reason, vacate their office. All are chosen through a non-partisan process. The Mayor appoints directors for the Departments of Public Safety, Public Service, Public Utilities, Finance and Management, Development, Building and Zoning Services, Human Resources, Technology, Equal Business Opportunity and Community Relations. The remaining four city department directors are appointed by and report to independent commissions. These are the Recreation and Parks Department Director, the Health Commissioner, the Civil Service Executive Secretary and the Secretary of the Sinking fund. The City Treasurer and Clerk to the Council are appointed by, and serve at the pleasure of the Council.
City of Columbus A.I CyberSecurity Scoring
CC Risk Score (AI oriented)Between 0 and 549
CC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CC Global Score (TPRM)XXXX
CC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CC Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
The City of Columbus
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Maine Office of the Attorney General reported a data breach involving the City of Columbus on November 1, 2024. The breach occurred on July 18, 2024, and was a result of external hacking, potentially affecting approximately 500,000 individuals, including 24 residents. Identity theft protection services, including 24-month Experian credit monitoring and dark web monitoring, were offered in response to the incident.
City of Columbus
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In July 2024, the City of Columbus, Ohio, faced a ransomware attack that initially aimed to disrupt its IT infrastructure. Although the attack was thwarted with no systems encrypted, the Rhysida ransomware gang claimed to have stolen 6.5 TB of data, impacting personal and financial information of 500,000 individuals. This included employee credentials, emergency services data, and access to city cameras. The attack resulted in 3.1 TB of data being leaked on the dark web. The city offered credit and dark web monitoring services to affected individuals, and while there has been no reported misuse of the data for identity theft or fraud, the incident raises significant concerns about cybersecurity and data protection.
City of Columbus
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The City of Columbus suffered a severe cyber incident executed by the Rhysida ransomware group, resulting in the theft and public sale of over **6 terabytes of sensitive city data**. The attack forced the shutdown of multiple critical systems, with recovery efforts spanning **months** to restore full functionality. Five plaintiffs—including undercover police officers, firefighters, and a resident—reported **financial fraud** (unauthorized purchases, fraudulent bank accounts) and **extortion attempts** (ransom demands, threats of data exposure). The breach exposed highly sensitive employee and resident data, leading to identity theft risks and operational disruptions. While a lawsuit was filed alleging negligence in data security, it was dismissed due to **political subdivision immunity** under Ohio law, leaving victims without legal recourse despite documented harm. The attack underscored systemic vulnerabilities in the city’s IT infrastructure and the broader challenges of holding government entities accountable for cybersecurity failures.
CC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CC
Incidents vs Government Administration Industry Average (This Year)
City of Columbus has 51.52% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
City of Columbus has 53.85% more incidents than the average of all companies with at least one recorded incident.
Incident Types CC vs Government Administration Industry Avg (This Year)
City of Columbus reported 1 incidents this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — CC (X = Date, Y = Severity)
CC cyber incidents detection timeline including parent company and subsidiaries
CC Company Subsidiaries
The City of Columbus, Ohio has been called one the the best places to live, work and raise a family. The Mayor, elected officials and employees of the city government work everyday to maintain that high standard of service and quality of life for all Columbus residents, to keep Columbus neighborhoods vibrant, and to support the economic development of the entire Central Ohio region. The state legislature established Columbus as a city in 1812. The city is a home-rule municipal corporation operating under the laws of Ohio. The City Charter, its constitution, can only be amended by a majority of the city’s voters. The City of Columbus is administered by a Mayor, a seven-member City Council, the City Auditor and City Attorney. These officials are all elected for four-year terms on an at-large basis. The Mayor and four Council members are elected in an odd numbered year. Three Council members, the City Auditor, and the City Attorney are elected in the following odd numbered year. The Charter provides for appointments and elections of successors to these officials if they should, for any reason, vacate their office. All are chosen through a non-partisan process. The Mayor appoints directors for the Departments of Public Safety, Public Service, Public Utilities, Finance and Management, Development, Building and Zoning Services, Human Resources, Technology, Equal Business Opportunity and Community Relations. The remaining four city department directors are appointed by and report to independent commissions. These are the Recreation and Parks Department Director, the Health Commissioner, the Civil Service Executive Secretary and the Secretary of the Sinking fund. The City Treasurer and Clerk to the Council are appointed by, and serve at the pleasure of the Council.
Loading...
CC Similar Companies
France Travail
France Travail est un acteur majeur du marché de l’emploi en France où il s’investit pour faciliter le retour à l’emploi des demandeurs d’emploi et offrir aux entreprises des réponses adaptées à leurs besoins de recrutement. Les 55 000 collaborateurs de France Travail œuvrent au quotidien pour êtr
Västra Götalandsregionen
Region Västra Götaland is governed by democratically elected politicians and with just over 50,000 employees is one of Sweden’s biggest employers. It is tasked with offering good healthcare and dental care and providing the prerequisites for good public health, a rich cultural life, a good enviro
Etat de Vaud
Le canton de Vaud, c’est plus de 800 000 personnes vivant dans plus de 300 communes ! Rejoindre l’Administration cantonale vaudoise, c’est s’engager aux côtés de près de 40’000 personnes unies dans un même but : servir la population. Pourquoi nous suivre ? Dédiez votre quart d’heure vaudois aux o
Københavns Kommune
Københavns Kommune er Danmarks største arbejdsplads med ca. 45.000 medarbejdere. Vi udvikler hovedstaden og servicerer over 500.000 københavnere. Vores mål er at fastholde og udvikle København som en af verdens bedste byer at bo i – og skabe øget vækst gennem viden, innovation og beskæftigelse. Fi
Assurance Maladie
Travailler à l’Assurance Maladie, c’est donner une nouvelle dimension à votre métier et agir au quotidien pour la protection de notre système de santé. Participez à une grande diversité de projets dans un cadre bienveillant et soyez fier de contribuer à une mission essentielle : agir ensemble, prot
State of Missouri
Build the Missouri of tomorrow. Ensure a strong foundation today. Join a group of innovative team members focused on driving the State of Missouri forward. As public servants, our team members have the opportunity to produce work that is both lasting and important. This work serves to protect famil
U.S. Department of Homeland Security
The Department of Homeland Security (DHS) has a vital mission: to secure the nation from the many threats we face. This requires the hard work of more than 260,000 employees in jobs that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility in
Ville de Montréal
Montréal est la plus grande ville francophone d’Amérique et elle se distingue par sa vitalité culturelle exceptionnelle et des forces créatrices reconnues mondialement. Elle se développe un peu plus chaque jour en une ville contemporaine, inclusive et dynamique sur les plans économique, culturel
European Commission
The Commission represents and upholds the interests of the EU as a whole, and is independent of national governments. The European Commission prepares legislation for adoption by the Council (representing the member countries) and the Parliament (representing the citizens). It administers the budge
.png)
CC CyberSecurity News
October 25, 2025 07:00 AM
City of Mentor working to restore services after cyberattack
MENTOR, Ohio — The City of Mentor confirmed that it recently suffered a cyberattack and that it took its hosted servers offline to protect...
October 01, 2025 07:00 AM
Columbus has immunity from cyber attack lawsuits, judge rules in dismissing cases
A Franklin County judge has dismissed two lawsuits brought by Columbus employees for how the city handled a cybersecurity attack last...
September 15, 2025 07:00 AM
Columbus cybersecurity report still not released 1 year after attack
COLUMBUS, Ohio — It's been more than a year since the City of Columbus revealed it had suffered a cybersecurity breach, yet key questions...
September 15, 2025 07:00 AM
Columbus cybersecurity report still not released 1 year after attack
Columbus still awaits the release of a promised cybersecurity breach report as investigations continue. Author: 10tv.com.
August 15, 2025 07:00 AM
Ransomware Attack Leads Ohio to Establish New Cybersecurity Protocols
A year after the city of Columbus fell victim to a massive ransomware attack, Ohio now requires every government agency to implement a...
August 14, 2025 07:00 AM
After Columbus cybersecurity attack, Ohio sets new rules for government agencies
COLUMBUS, Ohio (WCMH) – Just over one year after the City of Columbus experienced a ransomware attack, local governments across Ohio are...
August 04, 2025 07:00 AM
Ohio sets new cybersecurity rules for local governments, including public approval of ransomware payments
COLUMBUS, Ohio—Following a string of cyberattacks on local governments across Ohio, the state is now requiring all local governments to have...
August 04, 2025 07:00 AM
New cybersecurity requirements for local governments after cyberattacks, including 2 in Cleveland
COLUMBUS, Ohio — Ohio is now requiring local governments to adopt a cybersecurity program to safeguard taxpayer data and only pay ransom to...
July 29, 2025 07:00 AM
Cybersecurity professional provides insight into St. Paul cyberattack
Major U.S. cities, including Atlanta, Dallas and Columbus, have previously been subjected to cyberattacks.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CC CyberSecurity History Information
Official Website of City of Columbus
The official website of City of Columbus is http://www.columbus.gov/.
City of Columbus’s AI-Generated Cybersecurity Score
According to Rankiteo, City of Columbus’s AI-generated cybersecurity score is 427, reflecting their Critical security posture.
How many security badges does City of Columbus’ have ?
According to Rankiteo, City of Columbus currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does City of Columbus have SOC 2 Type 1 certification ?
According to Rankiteo, City of Columbus is not certified under SOC 2 Type 1.
Does City of Columbus have SOC 2 Type 2 certification ?
According to Rankiteo, City of Columbus does not hold a SOC 2 Type 2 certification.
Does City of Columbus comply with GDPR ?
According to Rankiteo, City of Columbus is not listed as GDPR compliant.
Does City of Columbus have PCI DSS certification ?
According to Rankiteo, City of Columbus does not currently maintain PCI DSS compliance.
Does City of Columbus comply with HIPAA ?
According to Rankiteo, City of Columbus is not compliant with HIPAA regulations.
Does City of Columbus have ISO 27001 certification ?
According to Rankiteo,City of Columbus is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of City of Columbus
City of Columbus operates primarily in the Government Administration industry.
Number of Employees at City of Columbus
City of Columbus employs approximately 3,753 people worldwide.
Subsidiaries Owned by City of Columbus
City of Columbus presently has no subsidiaries across any sectors.
City of Columbus’s LinkedIn Followers
City of Columbus’s official LinkedIn profile has approximately 15,466 followers.
NAICS Classification of City of Columbus
City of Columbus is classified under the NAICS code 92, which corresponds to Public Administration.
City of Columbus’s Presence on Crunchbase
No, City of Columbus does not have a profile on Crunchbase.
City of Columbus’s Presence on LinkedIn
Yes, City of Columbus maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/city-of-columbus.
Cybersecurity Incidents Involving City of Columbus
As of December 06, 2025, Rankiteo reports that City of Columbus has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
City of Columbus has an estimated 11,385 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at City of Columbus ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Ransomware.
How does City of Columbus detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with credit and dark web monitoring services, and recovery measures with prolonged (months to restore some systems)..
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on City of Columbus, Ohio
Description: In July 2024, the City of Columbus, Ohio, faced a ransomware attack that initially aimed to disrupt its IT infrastructure. Although the attack was thwarted with no systems encrypted, the Rhysida ransomware gang claimed to have stolen 6.5 TB of data, impacting personal and financial information of 500,000 individuals. This included employee credentials, emergency services data, and access to city cameras. The attack resulted in 3.1 TB of data being leaked on the dark web. The city offered credit and dark web monitoring services to affected individuals, and while there has been no reported misuse of the data for identity theft or fraud, the incident raises significant concerns about cybersecurity and data protection.
Date Detected: 2024-07
Type: Ransomware
Threat Actor: Rhysida ransomware gang
Motivation: Data theft and disruption
Title: Data Breach at City of Columbus
Description: The Maine Office of the Attorney General reported a data breach involving the City of Columbus on November 1, 2024. The breach occurred on July 18, 2024, and was a result of external hacking, potentially affecting approximately 500,000 individuals, including 24 residents. Identity theft protection services, including 24-month Experian credit monitoring and dark web monitoring, were offered in response to the incident.
Date Detected: 2024-07-18
Date Publicly Disclosed: 2024-11-01
Type: Data Breach
Attack Vector: External Hacking
Title: Rhysida Ransomware Attack on the City of Columbus
Description: The city of Columbus was targeted by the Rhysida ransomware group, which exfiltrated over 6 terabytes of city data and posted it for sale. The attack disrupted multiple city systems, causing prolonged downtime. Five city employees (including an undercover police officer and a firefighter) and one resident filed a lawsuit alleging identity theft, unauthorized financial transactions, and extortion threats. The lawsuit was dismissed on September 26 due to the city's political subdivision immunity under Ohio law.
Type: ransomware
Threat Actor: Rhysida
Motivation: financial gaindata theftextortion
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware CIT000110524
Data Compromised: Employee credentials, Emergency services data, Access to city cameras
Identity Theft Risk: ['personal and financial information of 500,000 individuals']
Incident : Data Breach CIT329072725
Identity Theft Risk: High
Incident : ransomware CIT2794927100225
Data Compromised: 6+ terabytes
Systems Affected: multiple (city systems)
Downtime: months (for some systems)
Operational Impact: severe (system shutdowns, prolonged recovery)
Brand Reputation Impact: moderate (lawsuit, public disclosure of breach)
Legal Liabilities: lawsuit dismissed (political subdivision immunity)
Identity Theft Risk: high (unauthorized purchases, fraudulent accounts, extortion threats)
Payment Information Risk: high (fraudulent bank accounts opened)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Employee Credentials, Emergency Services Data, Access To City Cameras, , Personally Identifiable Information (Pii), Employee Records, Resident Data, Potentially Financial Data and .
Which entities were affected by each incident ?
Incident : Ransomware CIT000110524
Entity Name: City of Columbus, Ohio
Entity Type: Government
Industry: Public Administration
Location: Columbus, Ohio
Customers Affected: 500000
Incident : Data Breach CIT329072725
Entity Name: City of Columbus
Entity Type: Government
Industry: Public Administration
Location: Columbus
Customers Affected: 500000
Incident : ransomware CIT2794927100225
Entity Name: City of Columbus
Entity Type: government (municipal)
Industry: public administration
Location: Columbus, Ohio, USA
Customers Affected: 6+ (5 city employees, 1 resident)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware CIT000110524
Third Party Assistance: Credit And Dark Web Monitoring Services.
Incident : ransomware CIT2794927100225
Recovery Measures: prolonged (months to restore some systems)
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through credit and dark web monitoring services, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware CIT000110524
Type of Data Compromised: Employee credentials, Emergency services data, Access to city cameras
Number of Records Exposed: 500000
Sensitivity of Data: High
Incident : Data Breach CIT329072725
Number of Records Exposed: 500000
Incident : ransomware CIT2794927100225
Type of Data Compromised: Personally identifiable information (pii), Employee records, Resident data, Potentially financial data
Sensitivity of Data: high (includes undercover police officer and firefighter data)
Data Exfiltration: yes (6+ terabytes posted for sale)
Personally Identifiable Information: yes (used for identity theft, fraudulent accounts)
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : ransomware CIT2794927100225
Ransomware Strain: Rhysida
Data Exfiltration: yes (6+ terabytes)
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through prolonged (months to restore some systems).
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : ransomware CIT2794927100225
Regulations Violated: alleged failure to follow industry standards, federal data security guidelines,
Fines Imposed: none (lawsuit dismissed)
Legal Actions: lawsuit filed (dismissed on September 26, 2023)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through lawsuit filed (dismissed on September 26, 2023).
References
Where can I find more information about each incident ?
Incident : Data Breach CIT329072725
Source: Maine Office of the Attorney General
Date Accessed: 2024-11-01
Incident : ransomware CIT2794927100225
Source: Court ruling by Judge Carl Aveni (Franklin County)
Incident : ransomware CIT2794927100225
Source: Lawsuit documents (John Doe plaintiffs vs. City of Columbus)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2024-11-01, and Source: Court ruling by Judge Carl Aveni (Franklin County), and Source: Lawsuit documents (John Doe plaintiffs vs. City of Columbus).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : ransomware CIT2794927100225
Investigation Status: closed (lawsuit dismissed; no further details on technical investigation)
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : ransomware CIT2794927100225
High Value Targets: City Employee Data, Resident Data,
Data Sold on Dark Web: City Employee Data, Resident Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : ransomware CIT2794927100225
Root Causes: Alleged Failure To Follow Industry Standards, Federal Data Security Guidelines,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Credit And Dark Web Monitoring Services, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Rhysida ransomware gang and Rhysida.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-07.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-11-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were employee credentials, emergency services data, access to city cameras, and 6+ terabytes.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was credit and dark web monitoring services, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were access to city cameras, emergency services data, employee credentials and 6+ terabytes.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.0K.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation ?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was none (lawsuit dismissed).
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was lawsuit filed (dismissed on September 26, 2023).
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Lawsuit documents (John Doe plaintiffs vs. City of Columbus), Maine Office of the Attorney General and Court ruling by Judge Carl Aveni (Franklin County).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is closed (lawsuit dismissed; no further details on technical investigation).
.png)
Latest Global CVEs (Not Company-Specific)
Description
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response using this parameter. This vulnerability is fixed in 1.10.4.
Risk Information
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Description
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.
Risk Information
cvss4
Base: 9.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The patch is named 0ff771dc1933d5a6b78f804115e78a7d8625c3f3. To fix this issue, it is recommended to deploy a patch. The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion).
Risk Information
cvss2
Base: 5.8
Severity: LOW
AV:N/AC:L/Au:M/C:P/I:P/A:P
cvss3
Base: 4.7
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected component. The vendor responded very professional: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."
Risk Information
cvss2
Base: 5.1
Severity: HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
cvss3
Base: 5.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
cvss4
Base: 2.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=city-of-columbus' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
