CVS Health
Company Details
Linkedin ID:
cvs-health
Website:
Employees number:
122,928
Number of followers:
965,649
NAICS:
62
Industry Type:
Homepage:
cvshealth.com
IP Addresses:
0
Company ID:
CVS_1676450
Scan Status:
In-progress
CVS Health Company CyberSecurity Posture
cvshealth.com
CVS Health is the leading health solutions company, delivering care like no one else can. We reach more people and improve the health of communities across America through our local presence, digital channels and over 300,000 dedicated colleagues – including more than 40,000 physicians, pharmacists, nurses and nurse practitioners. Wherever and whenever people need us, we help them with their health – whether that’s managing chronic diseases, staying compliant with their medications or accessing affordable health and wellness services in the most convenient ways. We help people navigate the health care system – and their personal health care – by improving access, lowering costs and being a trusted partner for every meaningful moment of health. And we do it all with heart, each and every day. Follow @CVSHealth on social media.
CVS Health A.I CyberSecurity Scoring
CVS Health Risk Score (AI oriented)Between 800 and 849
CVS Health
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CVS Health Global Score (TPRM)XXXX
CVS Health
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CVS Health Company CyberSecurity News & History
Past Incidents
5
Attack Types
2
Aetna Life Insurance Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Missouri Attorney General’s Office reported a data breach involving Aetna Life Insurance Company on December 1, 2023. The breach occurred on May 29, 2023, and compromised the personal information of 11,893 Missouri residents, specifically exposing Social Security Numbers. This incident highlights the vulnerability of personal data and the potential consequences of such breaches on individuals' privacy and security.
Aetna International
Data Leak
Rankiteo Explanation
Attack limited on finance or reputation
Description: Aetna sufferd from a data security incident that exposed More than 500 Texans personal information online. The exposed information includes first name, last name, Aetna member identification number, provider information, claim payment amount, and in some cases procedure/service codes and dates of service. Social Security numbers, bank account information, or credit card details did not exposed in this incident. They launched the investigation and started notifying the affected individuals.
CVS Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Over a billion customer records of Pharmacy giant CVS were leaked on internet in a cyber incident. The exposed data included customer email addresses, device IDs, and the order histories of CVS. Upon learning about the incident CVS Health immediately worked to secure the data and informed the impacted customers to remain alert.
CVS Caremark Part D Services, L.L.C.
Breach
Rankiteo Explanation
Attack without any consequences
Description: The Washington State Office of the Attorney General reported a data breach involving CVS Caremark Part D Services, L.L.C. on February 23, 2024. The breach occurred on November 20, 2023, due to human error in mailing processes, affecting approximately 2,193 individuals' names and medical information.
CVS
Breach
Rankiteo Explanation
Attack without any consequences
Description: On April 8, 2024, the Maine Office of the Attorney General reported a data breach involving CVS that occurred on January 1, 2023. The breach was an internal system breach affecting a total of 10 individuals, with consumer notification conducted electronically on January 10, 2023. Identity theft protection services were offered.
CVS Health Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CVS Health
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for CVS Health in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for CVS Health in 2025.
Incident Types CVS Health vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for CVS Health in 2025.
Incident History — CVS Health (X = Date, Y = Severity)
CVS Health cyber incidents detection timeline including parent company and subsidiaries
CVS Health Company Subsidiaries
CVS Health is the leading health solutions company, delivering care like no one else can. We reach more people and improve the health of communities across America through our local presence, digital channels and over 300,000 dedicated colleagues – including more than 40,000 physicians, pharmacists, nurses and nurse practitioners. Wherever and whenever people need us, we help them with their health – whether that’s managing chronic diseases, staying compliant with their medications or accessing affordable health and wellness services in the most convenient ways. We help people navigate the health care system – and their personal health care – by improving access, lowering costs and being a trusted partner for every meaningful moment of health. And we do it all with heart, each and every day. Follow @CVSHealth on social media.
Loading...
CVS Health Similar Companies
Piedmont
At Piedmont, we deliver healthcare marked by compassion and sustainable excellence in a progressive environment, guided by physicians, delivered by exceptional professionals and inspired by the communities we serve. Piedmont is a not-for-profit, community health system comprised of 25 hospitals and
SSM Health is a Catholic, not-for-profit, fully integrated health system dedicated to advancing innovative, sustainable, and compassionate care for patients and communities throughout the Midwest and beyond. The organization’s 40,000 team members and 13,900 providers are committed to fulfilling SSM
Endeavor Health
NorthShore University HealthSystem, Swedish Hospital, Northwest Community Healthcare and Edward-Elmhurst Health are now united under one name: Endeavor Health. Together, we’re driven by our mission to help everyone in our communities be their best and our commitment to setting a new standard for he
Greater Paris University Hospitals - AP-HP
AP-HP (Greater Paris University Hospitals) is a European world-renowned university hospital. Its 39 hospitals treat 8 million people every year: in consultation, emergency, during scheduled or home hospitalizations. The AP-HP provides a public health service for everyone, 24 hours a day. This missi
Nationwide Children's Hospital
Nationwide Children’s is one of America's largest pediatric hospitals, an international leader in research and is ranked in all 10 specialties on U.S. News & World Report’s 2025-26 “America’s Best Children’s Hospitals” list. Our staff, comprised of 1,600 medical professionals and over 16,000 employe
Mercy Health
At Mercy Health, we understand that every family is a universe. A network of people who love, and support, and count on one other to be there. Everybody means the world to someone and we are committed to care for others so they can be there for the ones they love. With nearly 35,000 employees across
OSF HealthCare
OSF HealthCare is an integrated health system founded by The Sisters of the Third Order of St. Francis. Headquartered in Peoria, Illinois, OSF HealthCare has 17 hospitals – 11 acute care, five critical access and one continuing care – with 2,305 licensed beds throughout Illinois and Michigan. OSF e
Northside Hospital
Northside Hospital — a certified Great Place To Work® — is one of Georgia’s top health systems. We have acute-care hospitals in Atlanta, Canton, Cumming, Duluth and Lawrenceville and hundreds of outpatient locations across the state. Northside Hospital leads the U.S. in newborn deliveries and is amo
Sutter Health is a not-for-profit, people-centered healthcare system providing comprehensive care throughout California. Sutter Health is committed to innovative, high-quality patient care and community partnerships, and innovative, high-quality patient care. Today, Sutter Health is pursuing a bold
.png)
CVS Health CyberSecurity News
November 13, 2025 08:00 AM
CVS Pharmacy union workers hold national day of action
Union workers at CVS pharmacies said they are holding a national day of action in response to working in unsafe conditions.
October 28, 2025 07:00 AM
CVS, Ad Partner Can't Shake Suit Over User Data Tracking
A California federal judge has refused to release CVS Pharmacy Inc. and a marketing partner from a putative class action accusing them of...
October 15, 2025 07:00 AM
CVS Health Completes Purchase Of Rite Aids, Adds 9 Million Customers
CVS Health has completed the acquisition of 63 Rite Aid stores in Idaho, Oregon and Washington and prescription files across 15 states that...
September 05, 2025 07:00 AM
CVS Health Faces HIPAA Probe Over Alleged Use of Patient Data for Lobbying and Political Advocacy
CVS Health is facing a probe into potential HIPAA violations related to the alleged use of patient data for lobbying purposes to prevent the...
August 04, 2025 07:00 AM
Powering AI-Driven Security with the Open Cybersecurity Schema Framework
by Rod Wallace on 04 AUG 2025 in AWS Security Hub, Customer Solutions, Open Source, Security, Security, Identity, & Compliance, Thought Leadership Permalink...
July 15, 2025 07:00 AM
Microsoft Plan to Help Rural Care Facilities Improve Cybersecurity Gains Traction
Microsoft's rural health program gives providers free access to cybersecurity assessments, cyber awareness training and tech product support.
July 01, 2025 07:00 AM
Meet The Washington Foster MBA Class Of 2026, Michael Streuling
An in-depth look into the personal and professional experiences of Michael Streuling from this year's Washington Foster Class of 2026.
May 30, 2025 07:00 AM
BostonCISO ORBIE Leadership Award recipient: CVS Health CISO Chandra McMahon on why the role is more strategic than ever — and advice for future leaders
Chandra McMahon is a seasoned cybersecurity executive and board member with over 30 years of experience leading complex security and technology programs.
May 15, 2025 07:00 AM
Rite Aid To Sell 1,000 Pharmacy Assets To CVS, Walgreens And Grocers
CVS Health, Walgreens and grocery store chains Kroger and Albertsons are among the pharmacy operators buying more than 1,000 Rite Aid...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CVS Health CyberSecurity History Information
Official Website of CVS Health
The official website of CVS Health is http://CVSHealth.com.
CVS Health’s AI-Generated Cybersecurity Score
According to Rankiteo, CVS Health’s AI-generated cybersecurity score is 815, reflecting their Good security posture.
How many security badges does CVS Health’ have ?
According to Rankiteo, CVS Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does CVS Health have SOC 2 Type 1 certification ?
According to Rankiteo, CVS Health is not certified under SOC 2 Type 1.
Does CVS Health have SOC 2 Type 2 certification ?
According to Rankiteo, CVS Health does not hold a SOC 2 Type 2 certification.
Does CVS Health comply with GDPR ?
According to Rankiteo, CVS Health is not listed as GDPR compliant.
Does CVS Health have PCI DSS certification ?
According to Rankiteo, CVS Health does not currently maintain PCI DSS compliance.
Does CVS Health comply with HIPAA ?
According to Rankiteo, CVS Health is not compliant with HIPAA regulations.
Does CVS Health have ISO 27001 certification ?
According to Rankiteo,CVS Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CVS Health
CVS Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at CVS Health
CVS Health employs approximately 122,928 people worldwide.
Subsidiaries Owned by CVS Health
CVS Health presently has no subsidiaries across any sectors.
CVS Health’s LinkedIn Followers
CVS Health’s official LinkedIn profile has approximately 965,649 followers.
NAICS Classification of CVS Health
CVS Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
CVS Health’s Presence on Crunchbase
No, CVS Health does not have a profile on Crunchbase.
CVS Health’s Presence on LinkedIn
Yes, CVS Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cvs-health.
Cybersecurity Incidents Involving CVS Health
As of December 02, 2025, Rankiteo reports that CVS Health has experienced 5 cybersecurity incidents.
Number of Peer and Competitor Companies
CVS Health has an estimated 30,193 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at CVS Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Breach.
How does CVS Health detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with immediately worked to secure the data, and communication strategy with informed the impacted customers to remain alert, and communication strategy with notifying affected individuals, and communication strategy with consumer notification conducted electronically..
Incident Details
Can you provide details on each incident ?
Title: CVS Data Leak Incident
Description: Over a billion customer records of Pharmacy giant CVS were leaked on the internet in a cyber incident.
Type: Data Breach
Title: Aetna Data Security Incident
Description: Aetna suffered from a data security incident that exposed more than 500 Texans' personal information online. The exposed information includes first name, last name, Aetna member identification number, provider information, claim payment amount, and in some cases procedure/service codes and dates of service. Social Security numbers, bank account information, or credit card details were not exposed in this incident. They launched an investigation and started notifying the affected individuals.
Type: Data Breach
Title: CVS Data Breach
Description: A data breach involving CVS was reported by the Maine Office of the Attorney General, affecting 10 individuals.
Date Detected: 2023-01-01
Date Publicly Disclosed: 2024-04-08
Type: Data Breach
Attack Vector: Internal System Breach
Title: Aetna Life Insurance Company Data Breach
Description: The Missouri Attorney General’s Office reported a data breach involving Aetna Life Insurance Company on December 1, 2023. The breach occurred on May 29, 2023, and compromised the personal information of 11,893 Missouri residents, specifically exposing Social Security Numbers.
Date Detected: 2023-12-01
Date Publicly Disclosed: 2023-12-01
Type: Data Breach
Title: CVS Caremark Part D Services Data Breach
Description: The Washington State Office of the Attorney General reported a data breach involving CVS Caremark Part D Services, L.L.C. on February 23, 2024. The breach occurred on November 20, 2023, due to human error in mailing processes, affecting approximately 2,193 individuals' names and medical information.
Date Detected: 2023-11-20
Date Publicly Disclosed: 2024-02-23
Type: Data Breach
Attack Vector: Human Error
Vulnerability Exploited: Mailing Processes
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CVS153930322
Data Compromised: Customer email addresses, Device ids, Order histories
Incident : Data Breach AET132281022
Data Compromised: First name, Last name, Aetna member identification number, Provider information, Claim payment amount, Procedure/service codes, Dates of service
Incident : Data Breach AET411072725
Data Compromised: Social security numbers
Incident : Data Breach CVS1026072725
Data Compromised: Names, Medical information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Email Addresses, Device Ids, Order Histories, , First Name, Last Name, Aetna Member Identification Number, Provider Information, Claim Payment Amount, Procedure/Service Codes, Dates Of Service, , Social Security Numbers, Names, Medical Information and .
Which entities were affected by each incident ?
Incident : Data Breach CVS153930322
Entity Name: CVS
Entity Type: Pharmacy
Industry: Healthcare
Size: Large
Customers Affected: Over a billion
Incident : Data Breach AET132281022
Entity Name: Aetna
Entity Type: Healthcare Insurance Provider
Industry: Healthcare
Location: Texas
Customers Affected: More than 500 Texans
Incident : Data Breach CVS910072525
Entity Name: CVS
Entity Type: Company
Industry: Healthcare
Customers Affected: 10
Incident : Data Breach AET411072725
Entity Name: Aetna Life Insurance Company
Entity Type: Insurance Company
Industry: Health Insurance
Location: Missouri
Customers Affected: 11893
Incident : Data Breach CVS1026072725
Entity Name: CVS Caremark Part D Services, L.L.C.
Entity Type: Company
Industry: Healthcare
Customers Affected: 2193
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach CVS153930322
Incident Response Plan Activated: True
Containment Measures: Immediately worked to secure the data
Communication Strategy: Informed the impacted customers to remain alert
Incident : Data Breach AET132281022
Communication Strategy: Notifying affected individuals
Incident : Data Breach CVS910072525
Communication Strategy: Consumer notification conducted electronically
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CVS153930322
Type of Data Compromised: Customer email addresses, Device ids, Order histories
Number of Records Exposed: Over a billion
Incident : Data Breach AET132281022
Type of Data Compromised: First name, Last name, Aetna member identification number, Provider information, Claim payment amount, Procedure/service codes, Dates of service
Number of Records Exposed: More than 500
Incident : Data Breach CVS910072525
Number of Records Exposed: 10
Incident : Data Breach AET411072725
Type of Data Compromised: Social Security Numbers
Number of Records Exposed: 11893
Sensitivity of Data: High
Personally Identifiable Information: Social Security Numbers
Incident : Data Breach CVS1026072725
Type of Data Compromised: Names, Medical information
Number of Records Exposed: 2193
Sensitivity of Data: High
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by immediately worked to secure the data.
References
Where can I find more information about each incident ?
Incident : Data Breach CVS910072525
Source: Maine Office of the Attorney General
Date Accessed: 2024-04-08
Incident : Data Breach AET411072725
Source: Missouri Attorney General’s Office
Date Accessed: 2023-12-01
Incident : Data Breach CVS1026072725
Source: Washington State Office of the Attorney General
Date Accessed: 2024-02-23
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2024-04-08, and Source: Missouri Attorney General’s OfficeDate Accessed: 2023-12-01, and Source: Washington State Office of the Attorney GeneralDate Accessed: 2024-02-23.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach AET132281022
Investigation Status: Launched
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Informed the impacted customers to remain alert, Notifying affected individuals and Consumer notification conducted electronically.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach CVS153930322
Customer Advisories: Informed the impacted customers to remain alert
Incident : Data Breach CVS910072525
Customer Advisories: Identity theft protection services were offered
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Informed the impacted customers to remain alert and Identity theft protection services were offered.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach CVS1026072725
Root Causes: Human Error in Mailing Processes
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-01-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-02-23.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were customer email addresses, device IDs, order histories, , first name, last name, Aetna member identification number, provider information, claim payment amount, procedure/service codes, dates of service, , Social Security Numbers, , Names, Medical Information and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Immediately worked to secure the data.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were claim payment amount, dates of service, last name, Social Security Numbers, Aetna member identification number, provider information, customer email addresses, Names, device IDs, Medical Information, first name, procedure/service codes and order histories.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 943.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Missouri Attorney General’s Office, Washington State Office of the Attorney General and Maine Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Launched.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Informed the impacted customers to remain alert and Identity theft protection services were offered.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argument First Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 3.3
Severity: LOW
AV:N/AC:L/Au:M/C:N/I:P/A:N
cvss3
Base: 2.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There is no attempt to sanitize these arguments in the default configuration of this MCP server at the affected version (as of commit 2f3a5512 in September of 2025).
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in Qualitor 8.20/8.24. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cvs-health' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
