COVD
Company Details
Linkedin ID:
city-of-ottawa
Website:
Employees number:
8,697
Number of followers:
100,341
NAICS:
92
Industry Type:
Homepage:
ottawa.ca
IP Addresses:
0
Company ID:
CIT_6219023
Scan Status:
In-progress
City of Ottawa / Ville d’Ottawa Company CyberSecurity Posture
ottawa.ca
The City of Ottawa offers a diverse range of career options. City employees work across 110+ business lines to deliver one thing: excellent service to Ottawa’s residents, businesses and visitors. Whether you want to work in IT, recreation, accounting, engineering, customer service, project management, the trades, emergency services, health care or more, you can find what you're looking for at the City. Visit ottawa.ca/jobs to view all career opportunities. La Ville d’Ottawa offre un large éventail de choix de carrières. Les membres du personnel de la Ville travaillent dans plus de 110 secteurs d’activité pour offrir un excellent service aux résidents, aux entreprises et aux visiteurs d’Ottawa. Que vous vouliez travailler dans les technologies de l’information, les loisirs, la comptabilité, le génie, le service à la clientèle, la gestion de projet, les corps de métier, les services d’urgence, les soins de santé ou ailleurs, vous trouverez ce que vous cherchez à la Ville. Consultez ottawa.ca/emplois pour voir toutes les possibilités d’emploi.
City of Ottawa / Ville d’Ottawa A.I CyberSecurity Scoring
COVD Risk Score (AI oriented)Between 600 and 649
COVD
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
COVD Global Score (TPRM)XXXX
COVD
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
COVD Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
City of Ottawa
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The City of Ottawa disclosed a data breach affecting users of its My ServiceOttawa portal, an online platform for residents to access municipal services. While specifics on the compromised data were not fully detailed, the incident involved unauthorized access to user accounts, potentially exposing personal information linked to service requests, payments, or account profiles. The breach did not explicitly mention large-scale financial fraud, ransomware demands, or systemic disruptions to critical infrastructure. However, the exposure of municipal service users' data even if limited raises concerns about privacy violations and potential misuse of personal details (e.g., names, contact information, or service history). The city likely initiated investigations and mitigation measures, such as notifying affected individuals and reinforcing cybersecurity protocols. The incident underscores vulnerabilities in government digital services, where even localized breaches can erode public trust in institutional data protection.
City of Ottawa
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The City of Ottawa experienced a data breach on its My ServiceOttawa online portal, exposing the email and physical addresses of approximately 2,454 users. The incident occurred on October 3 due to an isolated system error in the service request lookup tool, which allowed an unauthorized user to exploit a bot to access service requests linked to other accounts. No financial, password, or highly sensitive personal information was compromised. The city detected the breach promptly, blocked the unauthorized user, and conducted a thorough analysis to confirm the limited scope of exposure. Affected individuals were notified, and additional security measures were implemented to prevent recurrence. The city emphasized that the incident was contained to the lookup tool and that My ServiceOttawa itself remained secure.
COVD Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for COVD
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for City of Ottawa / Ville d’Ottawa in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for City of Ottawa / Ville d’Ottawa in 2026.
Incident Types COVD vs Government Administration Industry Avg (This Year)
No incidents recorded for City of Ottawa / Ville d’Ottawa in 2026.
Incident History — COVD (X = Date, Y = Severity)
COVD cyber incidents detection timeline including parent company and subsidiaries
COVD Company Subsidiaries
The City of Ottawa offers a diverse range of career options. City employees work across 110+ business lines to deliver one thing: excellent service to Ottawa’s residents, businesses and visitors. Whether you want to work in IT, recreation, accounting, engineering, customer service, project management, the trades, emergency services, health care or more, you can find what you're looking for at the City. Visit ottawa.ca/jobs to view all career opportunities. La Ville d’Ottawa offre un large éventail de choix de carrières. Les membres du personnel de la Ville travaillent dans plus de 110 secteurs d’activité pour offrir un excellent service aux résidents, aux entreprises et aux visiteurs d’Ottawa. Que vous vouliez travailler dans les technologies de l’information, les loisirs, la comptabilité, le génie, le service à la clientèle, la gestion de projet, les corps de métier, les services d’urgence, les soins de santé ou ailleurs, vous trouverez ce que vous cherchez à la Ville. Consultez ottawa.ca/emplois pour voir toutes les possibilités d’emploi.
Loading...
COVD Similar Companies
INSS
O Instituto Nacional do Seguro Social (INSS) é uma autarquia do Governo Federal do Brasil que recebe as contribuições para a manutenção do Regime Geral da Previdência Social, sendo responsável pelo pagamento da aposentadoria, pensão por morte, auxílio-doença, auxílio-acidente, entre outros benefício
Rijkswaterstaat
Rijkswaterstaat is de uitvoeringsorganisatie van het Ministerie van Infrastructuur en Waterstaat. We beheren en ontwikkelen de rijkswegen, -vaarwegen en –wateren en zetten in op een duurzame leefomgeving. Samen met andere organisaties werken we aan een land dat beschermd is tegen overstromingen. Wa
State of Indiana
State government is more than senators, representatives, and elected officials. We build highways, provide drivers licenses, protect our children and vulnerable populations, create jobs, connect Hoosiers to job opportunities, maintain state parks, train law enforcement officers, and we run museums
U.S. Census Bureau
The Census Bureau serves as the nation’s leading provider of quality data about its people and economy. We have been headquartered in Suitland, Maryland since 1942, and currently employ about 4,285 staff members. We are part of the U.S. Department of Commerce and overseen by the Economics and Statis
U.S. Department of Homeland Security
The Department of Homeland Security (DHS) has a vital mission: to secure the nation from the many threats we face. This requires the hard work of more than 260,000 employees in jobs that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility in
United States Postal Service
As the United States Postal Service continues its evolution as a forward-thinking, fast-acting company capable of providing quality products and services for its customers, it continues to remember and celebrate its roots as the first national network of communications that literally bound a nation
City of Philadelphia
With a workforce of 30,000 people, and opportunities in 1,000 different job categories, the City of Philadelphia is one of the largest employers in Southeastern Pennsylvania. As an employer, we operate through the guiding principles of service, integrity, respect, accountability, collaboration, dive
Home to a respected and energetic cultural arts scene, celebrated restaurants featuring flavors from 35 countries, world-renowned theater groups and the brains behind U.S. space exploration, Houston is a diverse metropolis brimming with personality. With nearly 21,000 concerts, plays, exhibition
Malmö stad
Bli en samhällsbyggare – jobba i Malmö stad! Genom att arbeta i Malmö stad får du möjlighet att arbeta med hållbar samhällsutveckling. Som en samhällsbyggare spelar du en viktig roll i Malmös utveckling och därför ser vi oss som framtidens arbetsplats. Människors lika värde är en förutsättning fö
.png)
COVD CyberSecurity News
January 24, 2026 09:51 PM
Kataria calls for team to boost cybersecurity
Punjab Governor and UT Administrator Gulab Chand Kataria on Saturday stressed the need to create a dedicated and trained team to strengthen...
January 24, 2026 07:00 PM
🔒 What is a VPN Portal- Learn why VPN portals are important for online security #VPNPortal #VPNSecurity #FreeVPNRisks #ssl #vpn #VPNSafety #VPNDisadvantages #VPNAndroid #CyberSecurity #OnlineSafety
January 24, 2026 02:35 PM
Germany news: Berlin vows aggressive cybersecurity stance
Berlin promises to take down bad cyber actors and a new report prompts questions of whether police should carry Tasers to keep them from...
January 24, 2026 11:30 AM
AgweekTV Full Show: Disappearing topsoil, bull genetics, virtual fencing, cybersecurity in ag
Disappearing topsoil is a big problem for land and bottom line. Expert advice for picking the best bull genetics. Keeping cattle right where...
January 24, 2026 10:46 AM
2026 CISO AI Risk Report
Introduction. Many security leaders didn't authorize AI expansion. It happened around them. Someone plugged in a copilot in a SaaS tool or...
January 24, 2026 10:00 AM
National Cyber Security Summit: Cybersecurity a strategic business risk
It's been a busy time for New Zealand's National Cyber Security Centre as it takes an unprecedentedly proactive posture to cyber threats.
January 24, 2026 09:48 AM
Data Deletion: Why Erasing Your Information Matters More Than Ever
Data deletion is a great way to reduce your digital footprint and lower the risk of cybercrime – here's a guide to deleting your data...
January 24, 2026 09:08 AM
Why Cybersecurity Works Better When Defenders Share Data
This post is also available in: עברית (Hebrew). Organizations are increasingly expected to share data across corporate boundaries, yet cybersecurity risks...
January 24, 2026 08:32 AM
Why AI is exposing the limits of automated security decision-making
When cybercriminals are designing ways to deliver malware, hiding payloads within files remains one of the most common and, for them,...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
COVD CyberSecurity History Information
Official Website of City of Ottawa / Ville d’Ottawa
The official website of City of Ottawa / Ville d’Ottawa is http://ottawa.ca/jobs.
City of Ottawa / Ville d’Ottawa’s AI-Generated Cybersecurity Score
According to Rankiteo, City of Ottawa / Ville d’Ottawa’s AI-generated cybersecurity score is 645, reflecting their Poor security posture.
How many security badges does City of Ottawa / Ville d’Ottawa’ have ?
According to Rankiteo, City of Ottawa / Ville d’Ottawa currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has City of Ottawa / Ville d’Ottawa been affected by any supply chain cyber incidents ?
According to Rankiteo, City of Ottawa / Ville d’Ottawa has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does City of Ottawa / Ville d’Ottawa have SOC 2 Type 1 certification ?
According to Rankiteo, City of Ottawa / Ville d’Ottawa is not certified under SOC 2 Type 1.
Does City of Ottawa / Ville d’Ottawa have SOC 2 Type 2 certification ?
According to Rankiteo, City of Ottawa / Ville d’Ottawa does not hold a SOC 2 Type 2 certification.
Does City of Ottawa / Ville d’Ottawa comply with GDPR ?
According to Rankiteo, City of Ottawa / Ville d’Ottawa is not listed as GDPR compliant.
Does City of Ottawa / Ville d’Ottawa have PCI DSS certification ?
According to Rankiteo, City of Ottawa / Ville d’Ottawa does not currently maintain PCI DSS compliance.
Does City of Ottawa / Ville d’Ottawa comply with HIPAA ?
According to Rankiteo, City of Ottawa / Ville d’Ottawa is not compliant with HIPAA regulations.
Does City of Ottawa / Ville d’Ottawa have ISO 27001 certification ?
According to Rankiteo,City of Ottawa / Ville d’Ottawa is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of City of Ottawa / Ville d’Ottawa
City of Ottawa / Ville d’Ottawa operates primarily in the Government Administration industry.
Number of Employees at City of Ottawa / Ville d’Ottawa
City of Ottawa / Ville d’Ottawa employs approximately 8,697 people worldwide.
Subsidiaries Owned by City of Ottawa / Ville d’Ottawa
City of Ottawa / Ville d’Ottawa presently has no subsidiaries across any sectors.
City of Ottawa / Ville d’Ottawa’s LinkedIn Followers
City of Ottawa / Ville d’Ottawa’s official LinkedIn profile has approximately 100,341 followers.
NAICS Classification of City of Ottawa / Ville d’Ottawa
City of Ottawa / Ville d’Ottawa is classified under the NAICS code 92, which corresponds to Public Administration.
City of Ottawa / Ville d’Ottawa’s Presence on Crunchbase
No, City of Ottawa / Ville d’Ottawa does not have a profile on Crunchbase.
City of Ottawa / Ville d’Ottawa’s Presence on LinkedIn
Yes, City of Ottawa / Ville d’Ottawa maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/city-of-ottawa.
Cybersecurity Incidents Involving City of Ottawa / Ville d’Ottawa
As of January 25, 2026, Rankiteo reports that City of Ottawa / Ville d’Ottawa has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
City of Ottawa / Ville d’Ottawa has an estimated 11,878 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at City of Ottawa / Ville d’Ottawa ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does City of Ottawa / Ville d’Ottawa detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with blocked unauthorized user access, and remediation measures with process improvements, remediation measures with additional security measures to prevent recurrence, and communication strategy with public statement, communication strategy with notifications to affected individuals..
Incident Details
Can you provide details on each incident ?
Title: City of Ottawa Data Breach Affecting My ServiceOttawa Users
Description: The City of Ottawa disclosed a data breach that impacted some users of its My ServiceOttawa platform.
Type: Data Breach
Title: City of Ottawa My ServiceOttawa Data Breach
Description: The City of Ottawa confirmed a data breach on its online service portal, My ServiceOttawa, involving the email and physical addresses of approximately 2,454 users. The breach occurred due to an isolated system error in the service request lookup tool, allowing a user with access to a specific service request number to use a bot to access service requests linked to other accounts. No financial, password, or other sensitive personal information was accessed. The city blocked the unauthorized user upon detection and conducted an analysis to confirm the limited exposure and implement additional security measures.
Date Detected: 2023-10-03
Date Publicly Disclosed: 2023-10-03
Type: Data Breach
Attack Vector: System Error / Bot Exploitation
Vulnerability Exploited: Service request lookup tool flaw allowing unauthorized access via bot
Threat Actor: Unknown (user with access to a service request number)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Service request lookup tool vulnerability.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CIT0111401110525
Systems Affected: My ServiceOttawa platform
Incident : Data Breach CIT2862628110525
Data Compromised: Email addresses, Physical addresses
Systems Affected: My ServiceOttawa portal (service request lookup tool)
Operational Impact: Limited; isolated to service request lookup tool
Brand Reputation Impact: Minimal (city emphasized limited scope and proactive response)
Identity Theft Risk: Low (no sensitive personal or financial data exposed)
Payment Information Risk: None
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Email Addresses, Physical Addresses and .
Which entities were affected by each incident ?
Incident : Data Breach CIT0111401110525
Entity Name: City of Ottawa
Entity Type: Government (Municipal)
Industry: Public Administration
Location: Ottawa, Ontario, Canada
Customers Affected: Some My ServiceOttawa users
Incident : Data Breach CIT2862628110525
Entity Name: City of Ottawa
Entity Type: Government (Municipal)
Industry: Public Administration
Location: Ottawa, Ontario, Canada
Customers Affected: 2,454
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach CIT2862628110525
Incident Response Plan Activated: True
Containment Measures: Blocked unauthorized user access
Remediation Measures: Process improvementsAdditional security measures to prevent recurrence
Communication Strategy: Public statementNotifications to affected individuals
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CIT2862628110525
Type of Data Compromised: Email addresses, Physical addresses
Number of Records Exposed: 2,454
Sensitivity of Data: Low (no financial or highly sensitive personal information)
Personally Identifiable Information: Email addressesPhysical addresses
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Process improvements, Additional security measures to prevent recurrence, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by blocked unauthorized user access and .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach CIT2862628110525
Lessons Learned: Importance of securing service lookup tools against automated exploitation and implementing robust access controls to prevent unauthorized data exposure through system flaws.
What recommendations were made to prevent future incidents ?
Incident : Data Breach CIT2862628110525
Recommendations: Enhance input validation and rate-limiting in service request tools to prevent bot-driven attacks., Conduct regular security audits of public-facing portals to identify and mitigate vulnerabilities., Implement multi-factor authentication (MFA) for sensitive service lookup functionalities., Improve monitoring for anomalous access patterns in user-facing systems.Enhance input validation and rate-limiting in service request tools to prevent bot-driven attacks., Conduct regular security audits of public-facing portals to identify and mitigate vulnerabilities., Implement multi-factor authentication (MFA) for sensitive service lookup functionalities., Improve monitoring for anomalous access patterns in user-facing systems.Enhance input validation and rate-limiting in service request tools to prevent bot-driven attacks., Conduct regular security audits of public-facing portals to identify and mitigate vulnerabilities., Implement multi-factor authentication (MFA) for sensitive service lookup functionalities., Improve monitoring for anomalous access patterns in user-facing systems.Enhance input validation and rate-limiting in service request tools to prevent bot-driven attacks., Conduct regular security audits of public-facing portals to identify and mitigate vulnerabilities., Implement multi-factor authentication (MFA) for sensitive service lookup functionalities., Improve monitoring for anomalous access patterns in user-facing systems.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Importance of securing service lookup tools against automated exploitation and implementing robust access controls to prevent unauthorized data exposure through system flaws.
References
Where can I find more information about each incident ?
Incident : Data Breach CIT2862628110525
Source: City of Ottawa Public Statement (via Mishele Joanis, Director of ServiceOttawa)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: City of Ottawa Public Statement (via Mishele Joanis, Director of ServiceOttawa).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach CIT2862628110525
Investigation Status: Completed (analysis conducted in October 2023)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Statement and Notifications To Affected Individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach CIT2862628110525
Stakeholder Advisories: Affected individuals were notified directly by the City of Ottawa.
Customer Advisories: Public statement released emphasizing the limited scope of the breach and reassuring users of the portal's overall security.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Affected individuals were notified directly by the City of Ottawa. and Public statement released emphasizing the limited scope of the breach and reassuring users of the portal's overall security..
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach CIT2862628110525
Entry Point: Service request lookup tool vulnerability
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach CIT2862628110525
Root Causes: Isolated system error in the service request lookup tool allowing unauthorized access via bot automation.
Corrective Actions: Blocked The Unauthorized User To Prevent Further Access., Improved Processes And Implemented Additional Security Measures To Minimize Recurrence.,
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Blocked The Unauthorized User To Prevent Further Access., Improved Processes And Implemented Additional Security Measures To Minimize Recurrence., .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unknown (user with access to a service request number).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-10-03.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-10-03.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Email addresses, Physical addresses and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was My ServiceOttawa platform and My ServiceOttawa portal (service request lookup tool).
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Blocked unauthorized user access.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Physical addresses and Email addresses.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 2.5K.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Importance of securing service lookup tools against automated exploitation and implementing robust access controls to prevent unauthorized data exposure through system flaws.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Improve monitoring for anomalous access patterns in user-facing systems., Enhance input validation and rate-limiting in service request tools to prevent bot-driven attacks., Conduct regular security audits of public-facing portals to identify and mitigate vulnerabilities. and Implement multi-factor authentication (MFA) for sensitive service lookup functionalities..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are City of Ottawa Public Statement (via Mishele Joanis and Director of ServiceOttawa).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (analysis conducted in October 2023).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Affected individuals were notified directly by the City of Ottawa., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Public statement released emphasizing the limited scope of the breach and reassuring users of the portal's overall security.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Service request lookup tool vulnerability.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=city-of-ottawa' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
