Emirates NBD
Company Details
Linkedin ID:
emirates-nbd
Website:
Employees number:
24,743
Number of followers:
1,360,149
NAICS:
52211
Industry Type:
Homepage:
emiratesnbd.com
IP Addresses:
0
Company ID:
EMI_1823170
Scan Status:
In-progress
Emirates NBD Company CyberSecurity Posture
emiratesnbd.com
About Emirates NBD Emirates NBD (DFM: Emirates NBD) is a leading banking group in the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. As at 30th September 2023, total assets were AED 836 billion, (equivalent to approx. USD 228 billion). The Group has operations in the UAE, Egypt, India, Türkiye, the Kingdom of Saudi Arabia, Singapore, the United Kingdom, Austria, Germany, Russia and Bahrain and representative offices in China and Indonesia with a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the UAE with a Brand value of USD 3.89 billion. Emirates NBD Group serves its customers (individuals, businesses, governments, and institutions) and helps them realise their financial objectives through a range of banking products and services including retail banking, corporate and institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations. The Group is a key participant in the global digital banking industry with 97% of all financial transactions and requests conducted outside of its branches. The Group also operates Liv, the lifestyle digital bank by Emirates NBD, with close to half a million users, it continues to be the fastest-growing bank in the region. Emirates NBD contributes to the construction of a sustainable future as an active participant and supporter of the UAE’s main development and sustainability initiatives, including financial wellness and the inclusion of people of determination. Emirates NBD is committed to supporting the UAE’s Year of Sustainability as Principal Banking Partner of COP28 and an early supporter to the Dubai Can sustainability initiative, a city-wide initiative aimed to reduce use of single-use plastic bottled water.
Emirates NBD A.I CyberSecurity Scoring
Emirates NBD Risk Score (AI oriented)Between 800 and 849
Emirates NBD
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Emirates NBD Global Score (TPRM)XXXX
Emirates NBD
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Emirates NBD Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Emirates NBD: UAE Warns Banking Customers to be on 'High Alert' For Zero-Day WhatsApp Security Breach
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: UAE Banking Customers Warned of WhatsApp Zero-Day Exploit Targeting Smartphones A critical WhatsApp security flaw has emerged in the UAE, enabling cybercriminals to hijack smartphones via a single voice call without requiring any user interaction. Emirates NBD issued an urgent advisory after reports revealed the attack exploits an undisclosed *zero-day vulnerability*, a software weakness unknown to developers until it is actively abused. This gives attackers a significant advantage before a patch is released. The breach leverages WhatsApp’s calling feature, allowing hackers to silently infiltrate devices and access private data, including photos, messages, and financial information. Victims may remain unaware of the compromise, as the attack does not trigger visible alerts or require engagement. Cybersecurity officials in the UAE, citing sources from *Gulf News*, warn that the timing of the attack is deliberate. The holiday season’s surge in calls and messages creates an ideal cover for malicious activity, as users are less likely to scrutinize unfamiliar contacts. Emirates NBD emphasized that banks will never request sensitive details, such as OTPs or PINs, via calls or messages. The institution has urged users to update WhatsApp and their operating systems, enable two-step verification, and silence calls from unknown numbers to mitigate risks. Additional precautions include verifying links for suspicious domains (e.g., ".xyz" or ".kom") and using only official banking channels for transactions. Authorities advise immediate reporting of any suspected breaches to limit potential damage. The incident underscores the growing sophistication of cyber threats targeting mobile platforms during high-activity periods.
Emirates NBD Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Emirates NBD
Incidents vs Banking Industry Average (This Year)
Emirates NBD has 24.81% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Emirates NBD has 28.57% fewer incidents than the average of all companies with at least one recorded incident.
Incident Types Emirates NBD vs Banking Industry Avg (This Year)
Emirates NBD reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Emirates NBD (X = Date, Y = Severity)
Emirates NBD cyber incidents detection timeline including parent company and subsidiaries
Emirates NBD Company Subsidiaries
About Emirates NBD Emirates NBD (DFM: Emirates NBD) is a leading banking group in the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. As at 30th September 2023, total assets were AED 836 billion, (equivalent to approx. USD 228 billion). The Group has operations in the UAE, Egypt, India, Türkiye, the Kingdom of Saudi Arabia, Singapore, the United Kingdom, Austria, Germany, Russia and Bahrain and representative offices in China and Indonesia with a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the UAE with a Brand value of USD 3.89 billion. Emirates NBD Group serves its customers (individuals, businesses, governments, and institutions) and helps them realise their financial objectives through a range of banking products and services including retail banking, corporate and institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations. The Group is a key participant in the global digital banking industry with 97% of all financial transactions and requests conducted outside of its branches. The Group also operates Liv, the lifestyle digital bank by Emirates NBD, with close to half a million users, it continues to be the fastest-growing bank in the region. Emirates NBD contributes to the construction of a sustainable future as an active participant and supporter of the UAE’s main development and sustainability initiatives, including financial wellness and the inclusion of people of determination. Emirates NBD is committed to supporting the UAE’s Year of Sustainability as Principal Banking Partner of COP28 and an early supporter to the Dubai Can sustainability initiative, a city-wide initiative aimed to reduce use of single-use plastic bottled water.
Loading...
Emirates NBD Similar Companies
Banco Bci
Porque el mundo que nos rodea se actualiza constantemente, porque tu decides hacer tu vida más simple: para entretenerte, para compartir con tu familia o para moverte por la ciudad. En Bci evolucionamos junto a ti, en este mundo donde todo se transforma una y otra vez, con soluciones que harán tu vi
Crédit Mutuel Alliance Fédérale
Bancassureur de premier plan en France avec 79 000 collaborateurs au service de 31 millions de clients, Crédit Mutuel Alliance Fédérale propose une offre multiservice à une clientèle de particuliers, de professionnels de proximité et entreprises de toutes tailles, via plus de 4 000 points de vente.
Intesa Sanpaolo
Intesa Sanpaolo è il maggior gruppo bancario in Italia con una significativa presenza internazionale. Il suo business model distintivo la rende leader a livello europeo nel Wealth Management, Protection & Advisory e ne caratterizza l’orientamento al digitale. I’impegno in ambito ESG prevede, entro i
Banco Sabadell
Banco Sabadell es el cuarto grupo bancario privado español, integrado por diferentes bancos, marcas, sociedades filiales y sociedades participadas que abarcan todos los ámbitos del negocio financiero bajo un denominador común: profesionalidad y calidad. Un equipo humano joven y bien preparado, do
Maybank
Maybank Group is the leading financial services provider in Malaysia catering to the needs of consumers, investors, entrepreneurs, non-profit organisations and corporations. The Group, which has expanded internationally, has the largest network among Malaysian banks of over 2,400 branches and office
IDBI Bank
Welcome to IDBI Bank's LinkedIn page! We are a leading bank in India, with a rich legacy. At IDBI Bank, we believe in empowering our customers by providing them with a wide range of banking products and services to meet their financial needs. Whether you are an individual, a small business owner,
Kotak Mahindra Bank
About Kotak Mahindra Group: Established in 1985, the Kotak Mahindra Group is one of India’s leading financial services conglomerates. In February 2003, Kotak Mahindra Finance Ltd. (KMFL), the Group’s flagship company, received a banking license from the Reserve Bank of India (RBI). With this, KMF
PT. BANK NEGARA INDONESIA (Persero) Tbk.
Since its establishment in 1946, BNI has been part of the dynamic of national development in Indonesia. Now BNI has grown and developed into a solid national bank with a sustainable financial performance. ‘Serving the Country, Pride of the Nation”, BNI continues to increase its contribution for the
ING
ING is a pioneer in digital banking and on the forefront as one of the most innovative banks in the world. As ING, we have a clear purpose that represents our conviction of people’s potential. We don’t judge, coach, or tell people how to live their lives. However big or small, modest or grand, we em
.png)
Emirates NBD CyberSecurity News
January 12, 2026 11:46 AM
Emirates NBD warns UAE users of WhatsApp zero-day voice call cyberattack
Emirates NBD has issued a public warning after detecting a dangerous “zero-day” cyberattack exploiting WhatsApp voice calls,...
January 12, 2026 10:21 AM
UAE Warns Banking Customers to be on 'High Alert' For Zero-Day WhatsApp Security Breach
A dangerous WhatsApp zero-day attack in the UAE can compromise smartphones through a single call, putting bank accounts and private data at...
January 12, 2026 05:15 AM
UAE warns of WhatsApp “zero-day” hack via single call
Banking customers in the UAE have been alerted to a “zero-day” security flaw in WhatsApp that allows cybercriminals to compromise...
January 12, 2026 04:43 AM
Emirates NBD issues alert over WhatsApp Zero-Day voice call attack
Emirates NBD explained that the attack leverages an unidentified vulnerability, or "zero-day," to gain unauthorised access to devices.
January 07, 2026 10:24 PM
Banks Switch Off SMS OTPs, Forcing Foreign Residents to Enable Biometric App Approval
From 6 January 2026, leading UAE banks—including Emirates NBD, Abu Dhabi Commercial Bank and Mashreq—have ceased issuing SMS one-time...
October 08, 2025 07:00 AM
CYBER THREAT LANDSCAPE REPORT – UNITED ARAB EMIRATES (UAE)
In 2025, the United Arab Emirates (UAE) experienced a significant surge in cybercriminal activity, particularly in the dark web ecosystem.
October 03, 2025 07:00 AM
UAE bank to replace OTP with app verification for online transaction approvals
Emirates NBD bank said it would soon introduce a more secure, smarter, and faster way to authenticate online transactions, replacing the SMS...
September 14, 2025 07:00 AM
Over 1.4bln accounts hacked monthly worldwide: Cyber Security Council
ABU DHABI: The UAE Cyber Security Council (CSC) has warned of growing risks linked to users' digital footprints, saying more than 1.4...
August 27, 2025 07:00 AM
Why financial literacy for kids must go hand in hand with cybersecurity in UAE
A new report shares tips on how to teach children smart money and online safety habits.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Emirates NBD CyberSecurity History Information
Official Website of Emirates NBD
The official website of Emirates NBD is http://www.emiratesnbd.com.
Emirates NBD’s AI-Generated Cybersecurity Score
According to Rankiteo, Emirates NBD’s AI-generated cybersecurity score is 812, reflecting their Good security posture.
How many security badges does Emirates NBD’ have ?
According to Rankiteo, Emirates NBD currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Emirates NBD been affected by any supply chain cyber incidents ?
According to Rankiteo, Emirates NBD has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Emirates NBD have SOC 2 Type 1 certification ?
According to Rankiteo, Emirates NBD is not certified under SOC 2 Type 1.
Does Emirates NBD have SOC 2 Type 2 certification ?
According to Rankiteo, Emirates NBD does not hold a SOC 2 Type 2 certification.
Does Emirates NBD comply with GDPR ?
According to Rankiteo, Emirates NBD is not listed as GDPR compliant.
Does Emirates NBD have PCI DSS certification ?
According to Rankiteo, Emirates NBD does not currently maintain PCI DSS compliance.
Does Emirates NBD comply with HIPAA ?
According to Rankiteo, Emirates NBD is not compliant with HIPAA regulations.
Does Emirates NBD have ISO 27001 certification ?
According to Rankiteo,Emirates NBD is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Emirates NBD
Emirates NBD operates primarily in the Banking industry.
Number of Employees at Emirates NBD
Emirates NBD employs approximately 24,743 people worldwide.
Subsidiaries Owned by Emirates NBD
Emirates NBD presently has no subsidiaries across any sectors.
Emirates NBD’s LinkedIn Followers
Emirates NBD’s official LinkedIn profile has approximately 1,360,149 followers.
NAICS Classification of Emirates NBD
Emirates NBD is classified under the NAICS code 52211, which corresponds to Commercial Banking.
Emirates NBD’s Presence on Crunchbase
Yes, Emirates NBD has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/emirates-nbd.
Emirates NBD’s Presence on LinkedIn
Yes, Emirates NBD maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/emirates-nbd.
Cybersecurity Incidents Involving Emirates NBD
As of January 24, 2026, Rankiteo reports that Emirates NBD has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Emirates NBD has an estimated 7,157 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Emirates NBD ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
How does Emirates NBD detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with advisory issued to customers, recommendations for security updates and two-step verification, and remediation measures with encouraging app and os updates, enabling two-step verification, muting unknown calls, and communication strategy with urgent advisory to customers via official channels..
Incident Details
Can you provide details on each incident ?
Title: WhatsApp Zero-Day Security Breach Targeting UAE Banking Customers
Description: Banking customers across the UAE are being urged to stay vigilant after reports of a serious WhatsApp 'zero-day' security breach that could allow cybercriminals to take over smartphones through a single voice call. The attack exploits an undisclosed software flaw, enabling hackers to compromise devices without user interaction. Once compromised, attackers may access private photos, personal conversations, and sensitive financial data.
Type: Zero-Day Exploit
Attack Vector: Voice call via WhatsApp
Vulnerability Exploited: Undisclosed zero-day vulnerability in WhatsApp calling feature
Motivation: Financial gain, data theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through WhatsApp voice call.
Impact of the Incidents
What was the impact of each incident ?
Incident : Zero-Day Exploit EMI1768217746
Data Compromised: Private photos, personal conversations, sensitive financial data
Systems Affected: Smartphones (WhatsApp users)
Brand Reputation Impact: Potential reputational damage to banks and WhatsApp
Identity Theft Risk: High
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Private Photos, Personal Conversations, Sensitive Financial Data and .
Which entities were affected by each incident ?
Incident : Zero-Day Exploit EMI1768217746
Entity Name: Emirates NBD
Entity Type: Bank
Industry: Banking/Financial Services
Location: UAE
Customers Affected: Banking customers across the UAE
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Zero-Day Exploit EMI1768217746
Containment Measures: Advisory issued to customers, recommendations for security updates and two-step verification
Remediation Measures: Encouraging app and OS updates, enabling two-step verification, muting unknown calls
Communication Strategy: Urgent advisory to customers via official channels
Data Breach Information
What type of data was compromised in each breach ?
Incident : Zero-Day Exploit EMI1768217746
Type of Data Compromised: Private photos, Personal conversations, Sensitive financial data
Sensitivity of Data: High
Personally Identifiable Information: Likely
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Encouraging app and OS updates, enabling two-step verification, muting unknown calls.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by advisory issued to customers and recommendations for security updates and two-step verification.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Zero-Day Exploit EMI1768217746
Lessons Learned: Zero-day vulnerabilities pose significant risks, especially during high-activity periods like holidays. Proactive security measures (e.g., updates, two-step verification) are critical to mitigating such threats.
What recommendations were made to prevent future incidents ?
Incident : Zero-Day Exploit EMI1768217746
Recommendations: Keep apps and software updated, Enable WhatsApp two-step verification, Silence calls from unknown numbers, Use only official banking channels, Examine links carefully, Report suspicious activity immediatelyKeep apps and software updated, Enable WhatsApp two-step verification, Silence calls from unknown numbers, Use only official banking channels, Examine links carefully, Report suspicious activity immediatelyKeep apps and software updated, Enable WhatsApp two-step verification, Silence calls from unknown numbers, Use only official banking channels, Examine links carefully, Report suspicious activity immediatelyKeep apps and software updated, Enable WhatsApp two-step verification, Silence calls from unknown numbers, Use only official banking channels, Examine links carefully, Report suspicious activity immediatelyKeep apps and software updated, Enable WhatsApp two-step verification, Silence calls from unknown numbers, Use only official banking channels, Examine links carefully, Report suspicious activity immediatelyKeep apps and software updated, Enable WhatsApp two-step verification, Silence calls from unknown numbers, Use only official banking channels, Examine links carefully, Report suspicious activity immediately
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Zero-day vulnerabilities pose significant risks, especially during high-activity periods like holidays. Proactive security measures (e.g., updates, two-step verification) are critical to mitigating such threats.
References
Where can I find more information about each incident ?
Incident : Zero-Day Exploit EMI1768217746
Source: Gulf News
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Gulf News.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Urgent advisory to customers via official channels.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Zero-Day Exploit EMI1768217746
Stakeholder Advisories: Emirates NBD issued an urgent advisory to customers warning of the threat and providing protective measures.
Customer Advisories: Emirates NBD reiterated that it will never ask for personal information or authentication codes via calls or messages. Customers are advised to stay vigilant and follow security best practices.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Emirates NBD issued an urgent advisory to customers warning of the threat and providing protective measures. and Emirates NBD reiterated that it will never ask for personal information or authentication codes via calls or messages. Customers are advised to stay vigilant and follow security best practices..
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Zero-Day Exploit EMI1768217746
Entry Point: WhatsApp voice call
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Zero-Day Exploit EMI1768217746
Root Causes: Undisclosed zero-day vulnerability in WhatsApp's calling feature
Corrective Actions: Encouraging users to update apps, enable two-step verification, and mute unknown calls
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Encouraging users to update apps, enable two-step verification, and mute unknown calls.
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Private photos, personal conversations and sensitive financial data.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Advisory issued to customers and recommendations for security updates and two-step verification.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Private photos, personal conversations and sensitive financial data.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Zero-day vulnerabilities pose significant risks, especially during high-activity periods like holidays. Proactive security measures (e.g., updates, two-step verification) are critical to mitigating such threats.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Keep apps and software updated, Report suspicious activity immediately, Examine links carefully, Enable WhatsApp two-step verification, Silence calls from unknown numbers and Use only official banking channels.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Gulf News.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Emirates NBD issued an urgent advisory to customers warning of the threat and providing protective measures., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Emirates NBD reiterated that it will never ask for personal information or authentication codes via calls or messages. Customers are advised to stay vigilant and follow security best practices.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an WhatsApp voice call.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=emirates-nbd' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
