Comparison Overview

Disability Rights DC at University Legal Services

VS

Miller Korzenik Sommers Rayman LLP

Disability Rights DC at University Legal Services

220 I St NE, Washington, District of Columbia, 20002, US
Last Update: 2025-11-28
View Profile
Between 750 and 799
http://www.uls-dc.org/

Disability Rights DC (DRDC) at University Legal Services is a private, non-profit organization that protects and promotes the human, civil, and legal rights of persons who have disabilities in the District of Columbia. As the federally-designated protection and advocacy program for people with disabilities in the District of Columbia and the Client Assistance Program, DRDC engages in a variety of activities to protect and advocate for the rights of people with disabilities including: individual representation, systemic advocacy, community outreach and education and investigation of abuse and neglect. All services are provided free-of-charge to eligible individuals with disabilities, according to DRDC’s annual objectives and priorities.

NAICS: 541
NAICS Definition:
Employees: 28
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Miller Korzenik Sommers Rayman LLP

The Paramount Building, New York, NY, 10036, US
Last Update: 2025-11-29
Between 700 and 749
http://mksr.law

Miller Korzenik Sommers Rayman LLP has counseled clients, both domestic and international, on media, intellectual property, entertainment and art law, and litigated these matters and a broader spectrum of business and commercial concerns for over twenty years. The partners are veterans of large international law firms, boutique practices and law school and university faculties. They bring to their clients a tradition of expertise and excellence, an appreciation of client businesses and operations, and a concern for the bottom line. The Firm’s extensive experience in civil litigation spans a broad range of cases before courts and arbitrators, including libel defense, First Amendment, copyright (software, designs, text, music, photographs, online motion pictures, advertisements), trademarks, domain names, trade secrets, rights of publicity, privacy, newsgathering torts, unfair competition, art law and other intellectual property and media related claims, as well as a wider spectrum of commercial and business disputes involving such matters as contracts, employment, real estate, bankruptcy, insurance, securities, commodities, and business torts. On the transactional side, the Firm regularly handles rights acquisitions, intellectual property transactions, trademark and copyright prosecution, licensing, electronic and multimedia distribution and performs an extensive amount of pre-publication review of media content. It also handles employment and services agreements, real estate matters and a wide variety of business agreements and formations. The Firm’s media and intellectual property clients include publishers, magazines, broadcasters, new media and technology companies, producers, artists, authors, agents, advertisers and software companies. Commercial clients include financial services firms (brokerage and foreign currency), retailers, manufacturers, production companies, internet start-up companies, insurance companies and other businesses.

NAICS: 541
NAICS Definition:
Employees: 7
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/disability-rights-dc-at-university-legal-services.jpeg
Disability Rights DC at University Legal Services
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/miller-korzenik-sommers-llp.jpeg
Miller Korzenik Sommers Rayman LLP
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Disability Rights DC at University Legal Services
100%
Compliance Rate
0/4 Standards Verified
Miller Korzenik Sommers Rayman LLP
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Legal Services Industry Average (This Year)

No incidents recorded for Disability Rights DC at University Legal Services in 2025.

Incidents vs Legal Services Industry Average (This Year)

No incidents recorded for Miller Korzenik Sommers Rayman LLP in 2025.

Incident History — Disability Rights DC at University Legal Services (X = Date, Y = Severity)

Disability Rights DC at University Legal Services cyber incidents detection timeline including parent company and subsidiaries

Incident History — Miller Korzenik Sommers Rayman LLP (X = Date, Y = Severity)

Miller Korzenik Sommers Rayman LLP cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/disability-rights-dc-at-university-legal-services.jpeg
Disability Rights DC at University Legal Services
Incidents
https://images.rankiteo.com/companyimages/miller-korzenik-sommers-llp.jpeg
Miller Korzenik Sommers Rayman LLP
Incidents

No Incident

FAQ

Disability Rights DC at University Legal Services company demonstrates a stronger AI Cybersecurity Score compared to Miller Korzenik Sommers Rayman LLP company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Historically, Miller Korzenik Sommers Rayman LLP company has disclosed a higher number of cyber incidents compared to Disability Rights DC at University Legal Services company.

In the current year, Miller Korzenik Sommers Rayman LLP company and Disability Rights DC at University Legal Services company have not reported any cyber incidents.

Neither Miller Korzenik Sommers Rayman LLP company nor Disability Rights DC at University Legal Services company has reported experiencing a ransomware attack publicly.

Neither Miller Korzenik Sommers Rayman LLP company nor Disability Rights DC at University Legal Services company has reported experiencing a data breach publicly.

Neither Miller Korzenik Sommers Rayman LLP company nor Disability Rights DC at University Legal Services company has reported experiencing targeted cyberattacks publicly.

Neither Disability Rights DC at University Legal Services company nor Miller Korzenik Sommers Rayman LLP company has reported experiencing or disclosing vulnerabilities publicly.

Neither Disability Rights DC at University Legal Services nor Miller Korzenik Sommers Rayman LLP holds any compliance certifications.

Neither company holds any compliance certifications.

Neither Disability Rights DC at University Legal Services company nor Miller Korzenik Sommers Rayman LLP company has publicly disclosed detailed information about the number of their subsidiaries.

Disability Rights DC at University Legal Services company employs more people globally than Miller Korzenik Sommers Rayman LLP company, reflecting its scale as a Legal Services.

Neither Disability Rights DC at University Legal Services nor Miller Korzenik Sommers Rayman LLP holds SOC 2 Type 1 certification.

Neither Disability Rights DC at University Legal Services nor Miller Korzenik Sommers Rayman LLP holds SOC 2 Type 2 certification.

Neither Disability Rights DC at University Legal Services nor Miller Korzenik Sommers Rayman LLP holds ISO 27001 certification.

Neither Disability Rights DC at University Legal Services nor Miller Korzenik Sommers Rayman LLP holds PCI DSS certification.

Neither Disability Rights DC at University Legal Services nor Miller Korzenik Sommers Rayman LLP holds HIPAA certification.

Neither Disability Rights DC at University Legal Services nor Miller Korzenik Sommers Rayman LLP holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. A high complexity level is associated with this attack. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss2
Base: 1.2
Severity: HIGH
AV:L/AC:H/Au:N/C:P/I:N/A:N
cvss3
Base: 2.0
Severity: HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 1.0
Severity: HIGH
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has permission to access the associated interview record. Because the server does not perform any recruitment-level authorization checks, an ESS-level user with no access to recruitment workflows can directly request interview attachment URLs and receive the corresponding files. This exposes confidential interview documents—including candidate CVs, evaluations, and supporting files—to unauthorized users. The issue arises from relying on predictable object identifiers and session presence rather than validating the user’s association with the relevant recruitment process. This issue has been patched in version 5.8.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no permission to view the Recruitment module, can directly access candidate attachment URLs. When an authenticated request is made to the attachment endpoint, the system validates the session but does not confirm that the requesting user has the necessary recruitment permissions. As a result, any authenticated user can download CVs and other uploaded documents for arbitrary candidates by issuing direct requests to the attachment endpoint, leading to unauthorized exposure of sensitive applicant data. This issue has been patched in version 5.8.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8.

Published
Date
2025-11-29
Updated
Date
2025-11-29
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References