CIH
Company Details
Linkedin ID:
correctcare-integrated-health
Website:
Employees number:
38
Number of followers:
93
NAICS:
923
Industry Type:
Homepage:
www.correctcare.com
IP Addresses:
9
Company ID:
COR_1411857
Scan Status:
Completed
CorrectCare Integrated Health Company CyberSecurity Posture
www.correctcare.com
The mission of CorrectCare - Integrated Health is to facilitate access to appropriate medical providers and to manage the claims payment process while minimizing costs within the correctional environment. For over a decade, CorrectCare - Integrated Health has provided utilization management, network access, and claims processing services solely within the correctional environment. Our company has experience with providing utilization management and claims management for small local facilities and entire state department of corrections. CCIH works hand-in-hand with state correctional personnel to provide necessary data for reducing their medical costs while increasing their quality of inmate care.
CorrectCare Integrated Health A.I CyberSecurity Scoring
CIH Risk Score (AI oriented)Between 550 and 599
CIH
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CIH Global Score (TPRM)XXXX
CIH
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CIH Company CyberSecurity News & History
Past Incidents
5
Attack Types
3
CorrectCare
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: CorrectCare, a medical claims processor, suffered a cybersecurity breach where a web server misconfiguration from January 22, 2022, to July 7, 2022, led to unauthorized internet access to two file directories. Approximately 600,000 individuals were affected by the data breach, which included personal information and was not disclosed until November 2022. A resulting class action lawsuit was settled for $6.49 million.
CorrectCare Integrated Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: CorrectCare Integrated Health experienced a data breach resulting from a web server misconfiguration, which exposed two file directories over the Internet without authentication. The breach, occurring from January 22, 2022, to July 7, 2022, impacted approximately 600,000 individuals, predominantly comprised of correctional facility medical claims data. This incident was not reported until November 2022, and led to a class action lawsuit. Settlement was reached at $6.49 million, with Chief Judge Danny C. Reeves granting final approval.
CorrectCare Integrated Health, Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported that CorrectCare Integrated Health experienced a data breach on January 22, 2022. The breach involved the inadvertent exposure of protected health information (PHI) of individuals incarcerated in a CDCR facility, affecting potentially thousands of people, although the exact number is unknown. Affected data included full names, dates of birth, social security numbers, and limited health information, with remediation actions initiated by CorrectCare immediately upon discovery of the incident.
CorrectCare Integrated Health
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: CorrectCare Integrated Health, a third-party health administrator, suffered a healthcare data breach that stemmed from a misconfigured web server. Patient information contained in two file directories was exposed. The breach impacted 85,466 individuals at the Louisiana Department of Public Safety and Corrections. The breach also impacted more than 438,000 individuals at the California Department of Corrections and Rehabilitation (CDCR). Current and former inmates at the Alaska Department of Corrections and the Georgia Department of Corrections were also impacted by the breach.
CorrectCare Integrated Health
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: CorrectCare Integrated Health, a medical claims processor for correctional facilities in Kentucky, experienced a significant cybersecurity breach. The incident, which went undetected from January 22, 2022, to July 7, 2022, led to unauthorized Internet access to two file directories due to a web server misconfiguration. This data breach impacted approximately 600,000 individuals and the disclosure delay until November 2022 resulted in a class action lawsuit that was settled for $6.49 million. Over 100,000 claims were filed, highlighting the extensive nature of the breach and its repercussions.
CIH Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CIH
Incidents vs Health and Human Services Industry Average (This Year)
No incidents recorded for CorrectCare Integrated Health in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for CorrectCare Integrated Health in 2025.
Incident Types CIH vs Health and Human Services Industry Avg (This Year)
No incidents recorded for CorrectCare Integrated Health in 2025.
Incident History — CIH (X = Date, Y = Severity)
CIH cyber incidents detection timeline including parent company and subsidiaries
CIH Company Subsidiaries
The mission of CorrectCare - Integrated Health is to facilitate access to appropriate medical providers and to manage the claims payment process while minimizing costs within the correctional environment. For over a decade, CorrectCare - Integrated Health has provided utilization management, network access, and claims processing services solely within the correctional environment. Our company has experience with providing utilization management and claims management for small local facilities and entire state department of corrections. CCIH works hand-in-hand with state correctional personnel to provide necessary data for reducing their medical costs while increasing their quality of inmate care.
Loading...
CIH Similar Companies
HealthPoint
HealthPoint seeks to provide evidence-based healthcare utilizing a patient-empowered team approach to achieve individual wellness for all Greater Brazos Valley community members. We do this through a comprehensive approach to your medical needs, including adult and pediatric medical care, dental car
Goldbelt Frontier LLC
Goldbelt Frontier is a subsidiary of Goldbelt, Incorporated, an Alaska Native Corporation, and a participant in the SBA’s 8(a) program. Goldbelt Frontier fosters a collaborative environment where our employees are encouraged to utilize and employ their operational and leadership skills; many of our
Generate Health STL
Generate Health believes St. Louis can be a more thriving region if we improve the health and well-being of Black moms, birthing people, babies and families. As a coalition, we build collective power to advocate for racially equitable policies and practices that center, support and celebrate Black
Breast Cancer Alliance
The mission of Breast Cancer Alliance is to improve survival rates and quality of life for those impacted by breast cancer through better prevention, early detection, treatment and cure. To promote these goals, we invest in innovative research, breast surgery fellowships, regional education, dignifi
Multicultural AIDS Coalition, Inc.
The Multicultural AIDS Coalition mission is to mobilize communities of color to end the HIV epidemic. MAC supports broader efforts to eradicate conditions that fuel the epidemic, including substance abuse, sexually transmitted infections, lack of healthcare access, homelessness, incarceration, and d
Lahai Health
Lahai Health is a free clinic providing health care to King and Snohomish counties. We serve low-income, uninsured, and underserved families and individuals by providing integrated and comprehensive medical, dental, and professional counseling services. Our mission is providing quality and compass
.png)
CIH CyberSecurity News
October 03, 2024 07:00 AM
600,000 Prison Inmates to Share in $6.49M Breach Settlement
A misconfigured web server and the exposure of sensitive information for nearly 600000 prison inmates in 2022 will cost medical claims...
September 23, 2024 07:00 AM
CorrectCare Integrated Health Data Breach Lawsuit Settled for $6.49 Million
A class action lawsuit against CorrectCare Integrated Health LLC (CorrectCare) over a 2022 data breach that affected around 600000...
September 17, 2024 07:00 AM
CorrectCare’s $6.49 Million Breach Deal Gets Final Court Nod
Prison health-care administrator CorrectCare Integrated Health LLC will pay $6.49 million to settle allegations it failed to protect the...
August 28, 2024 08:22 AM
$6.49M CorrectCare data breach class action settlement
If their information was compromised in the 2022 data breach, consumers could receive payments and other benefits from a $6.49 million CorrectCare...
April 13, 2023 07:00 AM
CorrectCare data breach affects personal data of 1.5M individuals, lawsuit claims
Three men incarcerated in the Georgia Department of Corrections are suing a medical claims facilitator after it suffered a data breach.
November 22, 2022 08:00 AM
October 2022 Healthcare Data Breach Report
October was the worst month of the year to date for healthcare data breaches, with 71 breaches reported and more than 6 million records breached.
November 18, 2022 08:00 AM
Health Data of 5K Sacramento County Inmates Exposed
Sacramento County, Calif., officials announced that the medical data of as many as 5372 inmates was exposed on the Internet for several...
November 18, 2022 08:00 AM
NewYork-Presbyterian Hospital Notifies 12K of Healthcare Data Breach
Along with NewYork-Presbyterian Hospital, Gateway Ambulatory Surgery Center and CorrectCare Integrated Health also reported healthcare data...
November 17, 2022 08:00 AM
Data breach impacts 5.3k Sacramento County Correctional Health patients
The 5372 Sacramento County Correctional Health patients impacted by the data breach will be eligible for free credit monitoring and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CIH CyberSecurity History Information
Official Website of CorrectCare Integrated Health
The official website of CorrectCare Integrated Health is www.correctcare.com.
CorrectCare Integrated Health’s AI-Generated Cybersecurity Score
According to Rankiteo, CorrectCare Integrated Health’s AI-generated cybersecurity score is 567, reflecting their Very Poor security posture.
How many security badges does CorrectCare Integrated Health’ have ?
According to Rankiteo, CorrectCare Integrated Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does CorrectCare Integrated Health have SOC 2 Type 1 certification ?
According to Rankiteo, CorrectCare Integrated Health is not certified under SOC 2 Type 1.
Does CorrectCare Integrated Health have SOC 2 Type 2 certification ?
According to Rankiteo, CorrectCare Integrated Health does not hold a SOC 2 Type 2 certification.
Does CorrectCare Integrated Health comply with GDPR ?
According to Rankiteo, CorrectCare Integrated Health is not listed as GDPR compliant.
Does CorrectCare Integrated Health have PCI DSS certification ?
According to Rankiteo, CorrectCare Integrated Health does not currently maintain PCI DSS compliance.
Does CorrectCare Integrated Health comply with HIPAA ?
According to Rankiteo, CorrectCare Integrated Health is not compliant with HIPAA regulations.
Does CorrectCare Integrated Health have ISO 27001 certification ?
According to Rankiteo,CorrectCare Integrated Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CorrectCare Integrated Health
CorrectCare Integrated Health operates primarily in the Health and Human Services industry.
Number of Employees at CorrectCare Integrated Health
CorrectCare Integrated Health employs approximately 38 people worldwide.
Subsidiaries Owned by CorrectCare Integrated Health
CorrectCare Integrated Health presently has no subsidiaries across any sectors.
CorrectCare Integrated Health’s LinkedIn Followers
CorrectCare Integrated Health’s official LinkedIn profile has approximately 93 followers.
NAICS Classification of CorrectCare Integrated Health
CorrectCare Integrated Health is classified under the NAICS code 923, which corresponds to Administration of Human Resource Programs.
CorrectCare Integrated Health’s Presence on Crunchbase
No, CorrectCare Integrated Health does not have a profile on Crunchbase.
CorrectCare Integrated Health’s Presence on LinkedIn
Yes, CorrectCare Integrated Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/correctcare-integrated-health.
Cybersecurity Incidents Involving CorrectCare Integrated Health
As of November 27, 2025, Rankiteo reports that CorrectCare Integrated Health has experienced 5 cybersecurity incidents.
Number of Peer and Competitor Companies
CorrectCare Integrated Health has an estimated 403 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at CorrectCare Integrated Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Breach and Vulnerability.
What was the total financial impact of these incidents on CorrectCare Integrated Health ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $12.98 million.
How does CorrectCare Integrated Health detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with initiated by correctcare immediately upon discovery of the incident..
Incident Details
Can you provide details on each incident ?
Title: CorrectCare Integrated Health Data Breach
Description: CorrectCare Integrated Health, a third-party health administrator, suffered a healthcare data breach that stemmed from a misconfigured web server. Patient information contained in two file directories was exposed. The breach impacted 85,466 individuals at the Louisiana Department of Public Safety and Corrections and more than 438,000 individuals at the California Department of Corrections and Rehabilitation (CDCR). Current and former inmates at the Alaska Department of Corrections and the Georgia Department of Corrections were also impacted by the breach.
Type: Data Breach
Attack Vector: Misconfigured Web Server
Vulnerability Exploited: Misconfiguration
Title: CorrectCare Integrated Health Data Breach
Description: CorrectCare Integrated Health, a medical claims processor for correctional facilities in Kentucky, experienced a significant cybersecurity breach. The incident went undetected from January 22, 2022, to July 7, 2022, leading to unauthorized Internet access to two file directories due to a web server misconfiguration. This data breach impacted approximately 600,000 individuals and the disclosure delay until November 2022 resulted in a class action lawsuit that was settled for $6.49 million. Over 100,000 claims were filed, highlighting the extensive nature of the breach and its repercussions.
Date Detected: 2022-07-07
Date Publicly Disclosed: 2022-11-01
Type: Data Breach
Attack Vector: Web Server Misconfiguration
Vulnerability Exploited: Web Server Misconfiguration
Title: CorrectCare Data Breach
Description: CorrectCare, a medical claims processor, suffered a cybersecurity breach where a web server misconfiguration from January 22, 2022, to July 7, 2022, led to unauthorized internet access to two file directories. Approximately 600,000 individuals were affected by the data breach, which included personal information and was not disclosed until November 2022. A resulting class action lawsuit was settled for $6.49 million.
Date Detected: 2022-07-07
Date Publicly Disclosed: 2022-11-01
Type: Data Breach
Attack Vector: Web Server Misconfiguration
Vulnerability Exploited: Web Server Misconfiguration
Title: CorrectCare Integrated Health Data Breach
Description: CorrectCare Integrated Health experienced a data breach resulting from a web server misconfiguration, which exposed two file directories over the Internet without authentication. The breach, occurring from January 22, 2022, to July 7, 2022, impacted approximately 600,000 individuals, predominantly comprised of correctional facility medical claims data. This incident was not reported until November 2022, and led to a class action lawsuit. Settlement was reached at $6.49 million, with Chief Judge Danny C. Reeves granting final approval.
Date Detected: 2022-07-07
Date Publicly Disclosed: 2022-11-01
Type: Data Breach
Attack Vector: Web Server Misconfiguration
Vulnerability Exploited: Exposed file directories without authentication
Title: CorrectCare Integrated Health Data Breach
Description: The California Office of the Attorney General reported that CorrectCare Integrated Health experienced a data breach on January 22, 2022. The breach involved the inadvertent exposure of protected health information (PHI) of individuals incarcerated in a CDCR facility, affecting potentially thousands of people, although the exact number is unknown. Affected data included full names, dates of birth, social security numbers, and limited health information, with remediation actions initiated by CorrectCare immediately upon discovery of the incident.
Date Detected: 2022-01-22
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach COR152491222
Data Compromised: Patient Information
Incident : Data Breach COR000100224
Financial Loss: $6.49 million
Data Compromised: Two file directories
Legal Liabilities: Class action lawsuit
Incident : Data Breach COR000103124
Financial Loss: $6.49 million
Data Compromised: Personal Information
Legal Liabilities: Class action lawsuit
Incident : Data Breach COR001032225
Data Compromised: Correctional facility medical claims data
Legal Liabilities: Class action lawsuit
Incident : Data Breach COR406072525
Data Compromised: Full names, Dates of birth, Social security numbers, Limited health information
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $2.60 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Information, Personal Information, Correctional facility medical claims data, Full Names, Dates Of Birth, Social Security Numbers, Limited Health Information and .
Which entities were affected by each incident ?
Incident : Data Breach COR152491222
Entity Name: Louisiana Department of Public Safety and Corrections
Entity Type: Government
Industry: Corrections
Location: Louisiana
Customers Affected: 85466
Incident : Data Breach COR152491222
Entity Name: California Department of Corrections and Rehabilitation (CDCR)
Entity Type: Government
Industry: Corrections
Location: California
Customers Affected: 438000
Incident : Data Breach COR152491222
Entity Name: Alaska Department of Corrections
Entity Type: Government
Industry: Corrections
Location: Alaska
Incident : Data Breach COR152491222
Entity Name: Georgia Department of Corrections
Entity Type: Government
Industry: Corrections
Location: Georgia
Incident : Data Breach COR000100224
Entity Name: CorrectCare Integrated Health
Entity Type: Company
Industry: Healthcare
Location: Kentucky
Customers Affected: 600,000 individuals
Incident : Data Breach COR000103124
Entity Name: CorrectCare
Entity Type: Medical Claims Processor
Industry: Healthcare
Customers Affected: 600,000 individuals
Incident : Data Breach COR001032225
Entity Name: CorrectCare Integrated Health
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 600,000
Incident : Data Breach COR406072525
Entity Name: CorrectCare Integrated Health
Entity Type: Healthcare Provider
Industry: Healthcare
Location: California
Customers Affected: potentially thousands of people
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach COR406072525
Remediation Measures: initiated by CorrectCare immediately upon discovery of the incident
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach COR152491222
Type of Data Compromised: Patient Information
Number of Records Exposed: 85466, 438000
Incident : Data Breach COR000100224
Number of Records Exposed: 600,000
Incident : Data Breach COR000103124
Type of Data Compromised: Personal Information
Number of Records Exposed: 600,000
Incident : Data Breach COR001032225
Type of Data Compromised: Correctional facility medical claims data
Number of Records Exposed: 600,000
Incident : Data Breach COR406072525
Type of Data Compromised: Full names, Dates of birth, Social security numbers, Limited health information
Number of Records Exposed: potentially thousands of people
Sensitivity of Data: high
Personally Identifiable Information: full namesdates of birthsocial security numbers
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: initiated by CorrectCare immediately upon discovery of the incident.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach COR000100224
Legal Actions: Class action lawsuit settled for $6.49 million
Incident : Data Breach COR000103124
Legal Actions: Class action lawsuit
Incident : Data Breach COR001032225
Legal Actions: Class action lawsuit
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit settled for $6.49 million, Class action lawsuit, Class action lawsuit.
References
Where can I find more information about each incident ?
Incident : Data Breach COR406072525
Source: California Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach COR000100224
Root Causes: Web Server Misconfiguration
Incident : Data Breach COR001032225
Root Causes: Web server misconfiguration
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2022-07-07.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-11-01.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $6.49 million.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Patient Information, Two file directories, Personal Information, Correctional facility medical claims data, full names, dates of birth, social security numbers, limited health information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were dates of birth, Correctional facility medical claims data, social security numbers, Patient Information, limited health information, Two file directories, full names and Personal Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.8M.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit settled for $6.49 million, Class action lawsuit, Class action lawsuit.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Web Server Misconfiguration, Web server misconfiguration.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=correctcare-integrated-health' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
