Credit Suisse
Company Details
Linkedin ID:
credit-suisse
Website:
Employees number:
19,632
Number of followers:
1,352,460
NAICS:
52211
Industry Type:
Homepage:
ubs.com
IP Addresses:
320
Company ID:
CRE_1092889
Scan Status:
Completed
Credit Suisse Company CyberSecurity Posture
ubs.com
Credit Suisse Group AG has been acquired by UBS Group AG. UBS is the world’s largest and only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management, and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors. From gaining new experiences in different roles to acquiring fresh knowledge and skills, we know that great work is never done alone. We know that it’s our people, with their unique backgrounds, skills, experience levels and interests, who drive our ongoing success. Together we’re more than ourselves. Ready to be part of #teamUBS and make an impact? Visit our Jobs section to explore the current job openings or visit https://www.ubs.com/global/en/careers.html UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills, and experiences within our workforce. www.ubs.com/social-legal
Credit Suisse A.I CyberSecurity Scoring
Credit Suisse Risk Score (AI oriented)Between 700 and 749
Credit Suisse
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Credit Suisse Global Score (TPRM)XXXX
Credit Suisse
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Credit Suisse Company CyberSecurity News & History
Past Incidents
5
Attack Types
2
Credit Suisse AG
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Maine Attorney General's Office reported on January 20, 2023, that Credit Suisse AG experienced a data breach due to insider wrongdoing involving a former IT employee who improperly accessed and moved sensitive data outside the company's systems. The breach, discovered on December 21, 2022, affected a total of 9 individuals, all of whom are residents of Maine, and involved compromised financial account numbers. Identity theft protection services were offered for 24 months through Experian.
Credit Suisse Group AG
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On February 14, 2023, the California Attorney General reported a data breach involving Credit Suisse Group AG. An employee inappropriately copied personal data onto a personal device, although no evidence of misuse has been identified. The specific date of the breach is not available.
Credit Suisse
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Credit Suisse AG suffered a breach after a former IT employee with authorized access to the data accessed and wrongly moved the data outside of Credit Suisse’s systems. The types of information acquired by the employee included individuals’ name or other personal identifier in combination with: “Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account)”
Credit Suisse
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Credit Suisse, a well-known Swiss bank suffered a massive data breach that leaked the data of more than 18,000 bank accounts. The exposed data included personal, shared, and corporate accounts, dating back to the 1940s and holding more than $100bn (£73.6bn). Some of the accounts were linked to the clients involved in serious crimes such as money laundering or drug trafficking. The bank immediately took action and reviewed 90% of the accounts and closed them before the press inquiries while 60% were closed before 2015.
UBS
Ransomware
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Global banking giant UBS has suffered a data breach following a cyber-attack on a third-party supplier. Information about 130,000 UBS employees, including their business contact details, job roles, locations, and floor information, was published on the dark web by a ransomware group called World Leaks. The breach did not impact customer data or operations, but the direct phone number of UBS CEO Sergio Ermotti was included in the published data.
Credit Suisse Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Credit Suisse
Incidents vs Banking Industry Average (This Year)
No incidents recorded for Credit Suisse in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Credit Suisse in 2025.
Incident Types Credit Suisse vs Banking Industry Avg (This Year)
No incidents recorded for Credit Suisse in 2025.
Incident History — Credit Suisse (X = Date, Y = Severity)
Credit Suisse cyber incidents detection timeline including parent company and subsidiaries
Credit Suisse Company Subsidiaries
Credit Suisse Group AG has been acquired by UBS Group AG. UBS is the world’s largest and only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management, and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors. From gaining new experiences in different roles to acquiring fresh knowledge and skills, we know that great work is never done alone. We know that it’s our people, with their unique backgrounds, skills, experience levels and interests, who drive our ongoing success. Together we’re more than ourselves. Ready to be part of #teamUBS and make an impact? Visit our Jobs section to explore the current job openings or visit https://www.ubs.com/global/en/careers.html UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills, and experiences within our workforce. www.ubs.com/social-legal
Loading...
Credit Suisse Similar Companies
OCBC
OCBC is the longest established Singapore bank, formed in 1932 from the merger of three local banks, the oldest of which was founded in 1912. It is now the second largest financial services group in Southeast Asia by assets and one of the world’s most highly-rated banks, with an Aa1 rating from Mood
SEB is a leading northern European financial services group with a strong belief that entrepreneurial minds and innovative companies are key in creating a better world. SEB takes a long-term perspective and supports its customers in good times and bad. In Sweden and the Baltic countries, SEB offe
Regions Bank
Regions Financial Corporation is a member of the S&P 500 Index and is one of the nation’s largest full-service providers of consumer and commercial banking, wealth management, and mortgage products and services. Regions serves customers across the South, Midwest and Texas, and through its subsidiary
Banco Bradesco
O Bradesco é um dos líderes do setor financeiro privado e um dos maiores empregadores na categoria. Além disso, apresenta o melhor índice de eficiência entre os bancos de varejo. Nossa missão é fornecer soluções, produtos e serviços financeiros e de seguros com agilidade e competência, principal
Groupe Crédit Agricole
The Crédit Agricole group is the leading partner of the French economy and one of the largest banking groups in Europe. It is the leading retail bank in Europe as well as the first European asset manager, the first bancassurer in Europe and the third European player in project finance. Built on its
Banco Bci
Porque el mundo que nos rodea se actualiza constantemente, porque tu decides hacer tu vida más simple: para entretenerte, para compartir con tu familia o para moverte por la ciudad. En Bci evolucionamos junto a ti, en este mundo donde todo se transforma una y otra vez, con soluciones que harán tu vi
Crédit Mutuel
Un modèle mutualiste au service des clients et des salariés. Réseau bancaire mutualiste constitué de 2124 Caisses locales le Crédit Mutuel se compose de 18 fédérations régionales, couvrant tout le territoire français. Société de personnes et non de capitaux, le Crédit Mutuel n’est pas coté en Bou
Indian Bank
Established in 1907, today, we are a family of over 141 million customers and 40000 staff members. With a 100% CBS network of 6000+ branches and 5400+ ATMs and BNAs, Indian Bank has a wide national footprint, besides foreign branches in Singapore and Colombo, along with arrangements with 640 Oversea
Huntington National Bank
Welcome to Huntington. Huntington Bancshares Incorporated is a $210 billion asset regional bank holding company headquartered in Columbus, Ohio. Founded in 1866, The Huntington National Bank and its affiliates provide consumers, small and middle-market businesses, corporations, municipalities, and
.png)
Credit Suisse CyberSecurity News
October 29, 2025 07:00 AM
Credit Suisse AT1 investors pursue compensation via investment treaties
International bondholders' best hope of recovering losses from the $20.7bn wipeout of Credit Suisse's additional Tier 1 bonds may be via the...
September 25, 2025 07:00 AM
Lessons from the last big thing: how cyber lessons inform AI oversight
In this session, Molly Reynolds will be joined by Jodi Butts of Watson Board Advisors and Samantha Kappagoda of Credit Suisse Funds to...
August 29, 2025 07:00 AM
Credit Suisse ex-officials reach $115 million settlement over risk management
Nineteen former Credit Suisse executives and directors reached a $115 million settlement of shareholder claims that their poor risk...
June 10, 2025 07:00 AM
Third-party cyber breaches surge 25% in Europe’s top banks
Europe's largest financial institutions have seen a 25% increase in third-party cyber breaches over the past year, according to the latest analysis by...
May 14, 2025 07:00 AM
Top Cybersecurity Stocks to Buy for the AI Era
In an increasingly digital world, cybersecurity stocks could play an important role in investor portfolios in the years ahead.
March 12, 2025 07:00 AM
Ex-UBS banker who rarely saw his children wanted $100m for firing
Nelson was previously a UBS veteran, but he moved in 2018 to become global co-head of prime services at Credit Suisse. This was apparently not a great job.
February 14, 2025 08:00 AM
Bank of America doubles size of banking team in Switzerland after Credit Suisse collapse
Feb 12 (Reuters) - Bank of America has doubled the size of its banking team in Switzerland, its CEO said, seizing on a potential opportunity...
January 09, 2025 08:00 AM
Exclusive | UBS Close to Large Settlement Over Credit Suisse Tax Case
Credit Suisse pleaded guilty in 2014 to helping Americans evade taxes but still harbored hidden accounts.
December 26, 2024 08:00 AM
Raleigh Cybersecurity Salaries: What Can You Expect to Earn?
Discover what cybersecurity professionals earn in Raleigh, North Carolina, and factors affecting salaries. Explore career paths and tips to...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Credit Suisse CyberSecurity History Information
Official Website of Credit Suisse
The official website of Credit Suisse is http://www.credit-suisse.com/.
Credit Suisse’s AI-Generated Cybersecurity Score
According to Rankiteo, Credit Suisse’s AI-generated cybersecurity score is 741, reflecting their Moderate security posture.
How many security badges does Credit Suisse’ have ?
According to Rankiteo, Credit Suisse currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Credit Suisse have SOC 2 Type 1 certification ?
According to Rankiteo, Credit Suisse is not certified under SOC 2 Type 1.
Does Credit Suisse have SOC 2 Type 2 certification ?
According to Rankiteo, Credit Suisse does not hold a SOC 2 Type 2 certification.
Does Credit Suisse comply with GDPR ?
According to Rankiteo, Credit Suisse is not listed as GDPR compliant.
Does Credit Suisse have PCI DSS certification ?
According to Rankiteo, Credit Suisse does not currently maintain PCI DSS compliance.
Does Credit Suisse comply with HIPAA ?
According to Rankiteo, Credit Suisse is not compliant with HIPAA regulations.
Does Credit Suisse have ISO 27001 certification ?
According to Rankiteo,Credit Suisse is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Credit Suisse
Credit Suisse operates primarily in the Banking industry.
Number of Employees at Credit Suisse
Credit Suisse employs approximately 19,632 people worldwide.
Subsidiaries Owned by Credit Suisse
Credit Suisse presently has no subsidiaries across any sectors.
Credit Suisse’s LinkedIn Followers
Credit Suisse’s official LinkedIn profile has approximately 1,352,460 followers.
NAICS Classification of Credit Suisse
Credit Suisse is classified under the NAICS code 52211, which corresponds to Commercial Banking.
Credit Suisse’s Presence on Crunchbase
Yes, Credit Suisse has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/credit-suisse.
Credit Suisse’s Presence on LinkedIn
Yes, Credit Suisse maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/credit-suisse.
Cybersecurity Incidents Involving Credit Suisse
As of November 27, 2025, Rankiteo reports that Credit Suisse has experienced 5 cybersecurity incidents.
Number of Peer and Competitor Companies
Credit Suisse has an estimated 6,716 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Credit Suisse ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.
How does Credit Suisse detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with reviewed 90% of the accounts and closed them before the press inquiries, containment measures with 60% were closed before 2015, and and containment measures with strengthened security of relevant systems, and third party assistance with experian..
Incident Details
Can you provide details on each incident ?
Title: Credit Suisse Data Breach
Description: Credit Suisse suffered a massive data breach that leaked the data of more than 18,000 bank accounts, including personal, shared, and corporate accounts dating back to the 1940s and holding more than $100bn (£73.6bn). Some accounts were linked to clients involved in serious crimes such as money laundering or drug trafficking.
Type: Data Breach
Title: Credit Suisse Data Breach
Description: Credit Suisse AG suffered a breach after a former IT employee with authorized access to the data accessed and wrongly moved the data outside of Credit Suisse’s systems.
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Unauthorized Data Transfer
Threat Actor: Former IT Employee
Motivation: Unknown
Title: UBS Data Breach via Third-Party Supplier
Description: Global banking giant UBS has suffered a data breach following a cyber-attack on a third-party supplier, Chain IQ. Information about 130,000 UBS employees was published on the dark web by a ransomware group called World Leaks. The data included business contact details, job roles, and locations. UBS confirmed that no client data was affected.
Date Detected: 2023-06-12
Date Publicly Disclosed: 2023-06-12
Type: Data Breach
Attack Vector: Third-party supplier compromise
Threat Actor: World Leaks (Hunters International)
Motivation: Data exfiltration and potential ransom demand
Title: Data Breach at Credit Suisse Group AG
Description: An employee inappropriately copied personal data onto a personal device, although no evidence of misuse has been identified.
Date Publicly Disclosed: 2023-02-14
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Human Error
Threat Actor: Employee
Title: Credit Suisse AG Data Breach
Description: A data breach at Credit Suisse AG due to insider wrongdoing involving a former IT employee who improperly accessed and moved sensitive data outside the company's systems.
Date Detected: 2022-12-21
Date Publicly Disclosed: 2023-01-20
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Improper Access Controls
Threat Actor: Former IT Employee
Motivation: Unknown
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CRE171312522
Data Compromised: Personal, Shared, Corporate accounts
Incident : Data Breach CRE214125123
Data Compromised: Financial account number, Credit/debit card number
Incident : Data Breach UBS604061925
Data Compromised: Business contact details, Job roles, Locations
Incident : Data Breach CRE000072825
Data Compromised: Personal Data
Incident : Data Breach CRE441072925
Data Compromised: Financial Account Numbers
Identity Theft Risk: High
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal, Shared, Corporate Accounts, , Financial Account Number, Credit/Debit Card Number, , Business Contact Details, Job Roles, Locations, , Personal Data and Financial Account Numbers.
Which entities were affected by each incident ?
Incident : Data Breach CRE171312522
Entity Name: Credit Suisse
Entity Type: Bank
Industry: Financial Services
Location: Switzerland
Size: Large Enterprise
Customers Affected: 18,000 accounts
Incident : Data Breach CRE214125123
Entity Name: Credit Suisse AG
Entity Type: Financial Institution
Industry: Finance
Incident : Data Breach UBS604061925
Entity Name: UBS
Entity Type: Bank
Industry: Financial Services
Location: Switzerland
Incident : Data Breach UBS604061925
Entity Name: Pictet
Entity Type: Bank
Industry: Financial Services
Location: Switzerland
Incident : Data Breach UBS604061925
Entity Name: Chain IQ
Entity Type: Procurement Service Provider
Industry: Services
Location: Switzerland
Incident : Data Breach CRE000072825
Entity Name: Credit Suisse Group AG
Entity Type: Financial Institution
Industry: Finance
Incident : Data Breach CRE441072925
Entity Name: Credit Suisse AG
Entity Type: Financial Institution
Industry: Finance
Location: Global
Customers Affected: 9
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach CRE171312522
Containment Measures: Reviewed 90% of the accounts and closed them before the press inquiries60% were closed before 2015
Incident : Data Breach UBS604061925
Containment Measures: Strengthened security of relevant systems
Incident : Data Breach CRE441072925
Third Party Assistance: Experian
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CRE171312522
Type of Data Compromised: Personal, Shared, Corporate accounts
Number of Records Exposed: 18,000
Sensitivity of Data: High
Incident : Data Breach CRE214125123
Type of Data Compromised: Financial account number, Credit/debit card number
Sensitivity of Data: High
Incident : Data Breach UBS604061925
Type of Data Compromised: Business contact details, Job roles, Locations
Number of Records Exposed: 130000
Incident : Data Breach CRE000072825
Type of Data Compromised: Personal Data
Incident : Data Breach CRE441072925
Type of Data Compromised: Financial Account Numbers
Number of Records Exposed: 9
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by reviewed 90% of the accounts and closed them before the press inquiries, 60% were closed before 2015, , strengthened security of relevant systems and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach UBS604061925
Data Exfiltration: True
References
Where can I find more information about each incident ?
Incident : Data Breach UBS604061925
Source: Infosecurity
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Infosecurity, and Source: California Attorney GeneralDate Accessed: 2023-02-14, and Source: Maine Attorney General's OfficeDate Accessed: 2023-01-20.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach UBS604061925
Investigation Status: Ongoing
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Former IT Employee, World Leaks (Hunters International), Employee and Former IT Employee.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-06-12.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-01-20.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were personal, shared, corporate accounts, , Financial Account Number, Credit/Debit Card Number, , Business contact details, Job roles, Locations, , Personal Data and Financial Account Numbers.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Experian.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Reviewed 90% of the accounts and closed them before the press inquiries60% were closed before 2015 and Strengthened security of relevant systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal Data, shared, corporate accounts, Credit/Debit Card Number, Business contact details, personal, Locations, Financial Account Numbers, Financial Account Number and Job roles.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 18.1K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are California Attorney General, Maine Attorney General's Office and Infosecurity.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=credit-suisse' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
