What is the official website of Dealertrack ?

The official website of Dealertrack is http://www.dealertrack.com.

What is Dealertrack's cybersecurity risk score?

Dealertrack has an AI-generated cybersecurity risk score of 761 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Dealertrack experienced?

According to Rankiteo, Dealertrack currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Dealertrack been affected by any supply chain cyber incidents ?

According to Rankiteo, Dealertrack has been affected by a supply chain cyber incident involving Oracle, with the incident ID COX53102453112425.

Does Dealertrack have SOC 2 Type 1 certification ?

According to Rankiteo, Dealertrack is not certified under SOC 2 Type 1.

Does Dealertrack have SOC 2 Type 2 certification ?

According to Rankiteo, Dealertrack does not hold a SOC 2 Type 2 certification.

Does Dealertrack comply with GDPR ?

According to Rankiteo, Dealertrack is not listed as GDPR compliant.

Does Dealertrack have PCI DSS certification ?

According to Rankiteo, Dealertrack does not currently maintain PCI DSS compliance.

Does Dealertrack comply with HIPAA ?

According to Rankiteo, Dealertrack is not compliant with HIPAA regulations.

Does Dealertrack have ISO 27001 certification ?

According to Rankiteo,Dealertrack is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Dealertrack operate in ?

Dealertrack operates primarily in the Software Development industry.

How many employees does Dealertrack have ?

Dealertrack employs approximately 1,903 people worldwide.

Does Dealertrack own any subsidiaries ?

Dealertrack presently has no subsidiaries across any sectors.

How many LinkedIn followers does Dealertrack have ?

Dealertrack's official LinkedIn profile has approximately 49,493 followers.

What is the NAICS classification code for Dealertrack ?

Dealertrack is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does Dealertrack have a Crunchbase profile ?

No, Dealertrack does not have a profile on Crunchbase.

Does Dealertrack have a LinkedIn profile ?

Yes, Dealertrack maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dealertrack.

How many cybersecurity incidents has Dealertrack experienced ?

As of June 14, 2026, Rankiteo reports that Dealertrack has experienced 5 cybersecurity incidents.

How many peer or competitor companies does Dealertrack have ?

Dealertrack has an estimated 30,071 peer or competitor companies worldwide.

What types of cybersecurity incidents has Dealertrack faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Breach, Data Leak and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Dealertrack

Boost Score +25 with badge (5 left)

761

/1000

Fair

786

/1000

Fair

Dealertrack Vendor Cyber Rating & Cyber Score

dealertrack.com

Add Your Compliance Badge

Dealertrack provides industry leading automotive retail software, including our award winning DMS and access to the largest lender network, that helps dealers, lenders, and OEMs simplify workflows, speed up transactions, and improve the car-buying experience. As a Cox Automotive brand, we deliver trusted solutions that power smarter, more connected automotive retail. We’re more than technology. Dealertrack also serves as proven partner and trusted source for automotive industry insights, supporting dealers with: • Live and on-demand webinars • Podcasts and expert discussions • Practical quick tips and best practices • Data-driven insights on trends shaping automotive retail Whether you’re navigating compliance, mitigating fraud risk,

Dealertrack A.I CyberSecurity Scoring

Scoring History

Dealertrack

Dealertrack CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Cox Enterprises

Breach

100

8/2025

Oracle

COX531024531124...

Dealertrack

Ransomware

100

9/2024

COX149511411242...

Dealertrack

Data Leak

1/2023

AUT221524123

Dealertrack

Cyber Attack

100

09/2022

COX2035161122

Dealertrack

Breach

12/2021

COX152930322

Loading…

A.I.

Dealertrack Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Dealertrack

Incidents vs Software Development Industry Avg (This Year)

No incidents recorded for Dealertrack in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Dealertrack in 2026.

Incident Types Dealertrack vs Software Development Industry Avg (This Year)

No incidents recorded for Dealertrack in 2026.

Incident History - Dealertrack (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Dealertrack Subsidiaries

Dealertrack

Software Development

Website: http://www.dealertrack.com

Company Size: 1,001-5,000 employees

Sales and F&I SolutionsSoftware Development

Cox Automotive Inc.Software Development

Cox EnterprisesTechnology, Information and Media

VinSolutions by Cox AutomotiveSoftware Development

ManheimMotor Vehicle Manufacturing

vAuto by Cox AutomotiveSoftware Development

Kelley Blue Book Price Advisor ReportMotor Vehicle Manufacturing

Autotrader USAdvertising Services

TeleRepOutsourcing/Offshoring

DealerMatchMotor Vehicle Manufacturing

WPXI-TVBroadcast Media Production and Distribution

Ready LogisticsTruck Transportation

Haystak Digital MarketingAdvertising Services

Cox CommunicationsTelecommunications

Cox CommunitiesTelecommunications

Experience LLCEntertainment Providers

Kelley Blue BookMotor Vehicle Manufacturing

Atlanta Journal-ConstitutionNewspaper Publishing

Cox MediaAdvertising Services

Cox Creative StudiosAdvertising Services

KIRO 7Broadcast Media Production and Distribution

HomeNet AutomotiveInformation Technology & Services

NextGear CapitalFinancial Services

Cox Automotive Rates & IncentivesAutomotive

WSOC-TV Eyewitness NewsBroadcast Media Production and Distribution

Savings.comTechnology, Information and Internet

Dealertrack DMSSoftware Development

Dealer.comSoftware Development

Registration and Titling SolutionsSoftware Development

Loading…

Dealertrack Similar Companies

Facebook

meta.com

The Facebook company is now Meta. Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. We want to give people the power to build community and bring the world closer together. To do that, we ask that you help create a safe and respectful online space. These community values encourage constructive conversations on this page: • Start with an open mind. Whether you agree or disagree, engage with empathy. • Comments violating our Community Standards will be removed or hidden. So please treat everybody with respect. • Keep it constructive. Use your interactions here to learn about and grow your understanding of others. • Our moderators are here to uphold these guidelines for the benefit of everyone, every day. • If you are seeking support for issues related to your Facebook account, please reference our Help Center (https://www.facebook.com/help) or Help Community (https://www.facebook.com/help/community). For a full listing of our jobs, visit http://www.facebookcareers.com

Lazada

lazada.com

About Lazada Group Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the region, Lazada is a part of our consumers’ daily lives in the region and we aim to serve 300 million shoppers by 2030. Since 2016, Lazada is the Southeast Asia flagship platform of the Alibaba Group powered by its cutting-edge technology infrastructure.

UKG

ukg.com

UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry — because great organizations know their workforce is their competitive edge.

Grab

grab.careers

Grab is Southeast Asia’s leading superapp, offering a suite of services consisting of deliveries, mobility, financial services, enterprise and others. Grabbers come from all over the world, and we are united by a common mission: to drive Southeast Asia forward by creating economic empowerment for everyone. At Grab, every Grabber is guided by The Grab Way, which explains our mission and the operating principles on how we can achieve it together. We call these principles the 4Hs: Heart We work together as OneGrab to serve communities in Southeast Asia Hunger We work to understand ground truths and drive improvements, big and small Honour We keep our word and steward our resources wisely to build and sustain trust Humility We are a constant work-in-progress, and we never stop learning to get better

VMware

cb broadcom.com

Broadcom's VMware software manages cloud complexity so customers can modernize infrastructure, accelerate app development, and protect workloads, wherever these reside. Our flagship cloud solutions provide the security and performance of private cloud combined with the scale and agility of public cloud. Modern app, edge infrastructure, and private AI products extend these capabilities, while security and disaster recovery help ensure that customers’ operations continue uninterrupted. From the data center to the cloud and apps to the edge, we help enterprises around the globe become more innovative, connected, resilient and secure.

Synopsys Inc

cb synopsys.com

Synopsys is the leader in engineering solutions from silicon to systems, enabling customers to rapidly innovate AI-powered products. We deliver industry-leading silicon design, IP, simulation and analysis solutions, and design services. We partner closely with our customers across a wide range of industries to maximize their R&D capability and productivity, powering innovation today that ignites the ingenuity of tomorrow.

Tencent

tencent.com

Tencent is a world-leading internet and technology company that develops innovative products and services to improve the quality of life of people around the world. Founded in 1998 with its headquarters in Shenzhen, China, Tencent's guiding principle is to use technology for good. Our communication and social services connect more than one billion people around the world, helping them to keep in touch with friends and family, access transportation, pay for daily necessities, and even be entertained. Tencent also publishes some of the world's most popular video games and other high-quality digital content, enriching interactive entertainment experiences for people around the globe. Tencent also offers a range of services such as cloud computing, advertising, FinTech, and other enterprise services to support our clients' digital transformation and business growth. Tencent has been listed on the Stock Exchange of Hong Kong since 2004.

Cadence

cadence.com

Cadence is a market leader in AI and digital twins, pioneering the application of computational software to accelerate innovation in the engineering design of silicon to systems. Our design solutions, based on Cadence’s Intelligent System Design™ strategy, are essential for the world’s leading semiconductor and systems companies to build their next-generation products from chips to full electromechanical systems that serve a wide range of markets, including hyperscale computing, mobile communications, automotive, aerospace, industrial, life sciences and robotics. In 2024, Cadence was recognized by the Wall Street Journal as one of the world’s top 100 best-managed companies. Cadence solutions offer limitless opportunities—learn more at www.cadence.com.

Meituan

meituan.com

Adhering to the ‘Retail + Technology’ strategy, Meituan commits to its mission that 'We help people eat better, live better'. Since its establishment in March 2010, Meituan has advanced the digital upgrading of services and goods retail on both supply and demand sides. Together with our partners we provide quality services for consumers. On 20 September, 2018, Meituan was listed on the Main Board of the Stock Exchange of Hong Kong. Meituan has always put customers first, and continuously increased its R&D investment in new technologies. Meituan will join hands with all partners to fulfill our social responsibility and create more values for the society.

Loading…

NEWS

Dealertrack CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

September 17, 2025 02:50 AM

Cox Automotive Releases Dealertrack 2024 Compliance Guide

ATLANTA, Jan. 31, 2024 – Cox Automotive today announced the availability of its annual Dealertrack Compliance Guide for 2024. Now in its 19th edition,...

Read Article

June 26, 2024 07:00 AM

Automakers tell DMS providers to expect security audits in wake of CDK cyberattack, executive says

Concerned by the CDK Global cyberattacks, some auto manufacturers are developing plans to audit all US dealership management system providers.

Read Article

May 28, 2024 07:00 AM

Auto loan tech company Defi Solutions says nothing sensitive accessed in breach

Car loan software provider Defi Solutions on April 29 reassured lenders that despite hacker claims to the contrary, no sensitive information...

Read Article

May 13, 2024 07:00 AM

Tips to navigate 2024 dealership compliance trends

In an ever-changing regulatory landscape, resources that help you stay current on what's new are important for maintaining your dealership's...

Read Article

January 25, 2023 08:00 AM

Female First-Year STEM Students Meet Industry Pioneers

Fifteen female first-year students from the Fred DeMatteis School of Engineering and Applied Science met with leaders from seven...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…