Federal Ministry of the Interior
Last Update: 2025-12-12
Between 800 and 849
Location Berlin
NAICS: 92
NAICS Definition: Public Administration
Employees: 306
Subsidiaries: 0
12-month incidents
1
Known data breaches
0
Attack type number
1
Comparison Overview
Federal Ministry of the Interior
VS
State of Ohio
State of Ohio
Last Update: 2025-12-09
Between 750 and 799
Employment with the State of Ohio is more than ‘just a job’ – it is a privilege to serve our families, friends and neighbors who rely on us throughout our great state. We are a team of dedicated public servants committed to high performance, innovative thinking, and delivering excellent and efficient services. Our goal is to recruit and retain the best talent for our positions, because when we have the best talent, we get the best results for our community. We are #TeamOhio.
NAICS: 92
NAICS Definition: Public Administration
Employees: 27,825
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
Compliance Badges Comparison
Security & Compliance Standards Overview
Federal Ministry of the Interior
ISO 27001
Not verified
SOC2 Type 1
Not verified
SOC2 Type 2
Not verified
GDPR
Not verified
PCI DSS
Not verified
HIPAA
Not verified
State of Ohio
ISO 27001
Not verified
SOC2 Type 1
Not verified
SOC2 Type 2
Not verified
GDPR
Not verified
PCI DSS
Not verified
HIPAA
Not verified
Compliance Summary
Federal Ministry of the Interior
100%
Compliance Rate
0/4 Standards Verified
State of Ohio
0%
Compliance Rate
0/4 Standards Verified
Benchmark & Cyber Underwriting Signals
Incidents vs Government Administration Industry Average (This Year)
Federal Ministry of the Interior has 23.46% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for State of Ohio in 2025.
Incident History — Federal Ministry of the Interior (X = Date, Y = Severity)
Federal Ministry of the Interior cyber incidents detection timeline including parent company and subsidiaries
Incident History — State of Ohio (X = Date, Y = Severity)
State of Ohio cyber incidents detection timeline including parent company and subsidiaries
Notable Incidents
Last 3 Security & Risk Events by Company
Federal Ministry of the Interior
Incidents
State of Ohio
Incidents
No Incident
FAQ
Federal Ministry of the Interior company demonstrates a stronger AI Cybersecurity Score compared to State of Ohio company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.
Federal Ministry of the Interior company has historically faced a number of disclosed cyber incidents, whereas State of Ohio company has not reported any.
In the current year, Federal Ministry of the Interior company has reported more cyber incidents than State of Ohio company.
Neither State of Ohio company nor Federal Ministry of the Interior company has reported experiencing a ransomware attack publicly.
Neither State of Ohio company nor Federal Ministry of the Interior company has reported experiencing a data breach publicly.
Federal Ministry of the Interior company has reported targeted cyberattacks, while State of Ohio company has not reported such incidents publicly.
Neither Federal Ministry of the Interior company nor State of Ohio company has reported experiencing or disclosing vulnerabilities publicly.
Neither Federal Ministry of the Interior nor State of Ohio holds any compliance certifications.
Neither company holds any compliance certifications.
Neither Federal Ministry of the Interior company nor State of Ohio company has publicly disclosed detailed information about the number of their subsidiaries.
State of Ohio company employs more people globally than Federal Ministry of the Interior company, reflecting its scale as a Government Administration.
Neither Federal Ministry of the Interior nor State of Ohio holds SOC 2 Type 1 certification.
Neither Federal Ministry of the Interior nor State of Ohio holds SOC 2 Type 2 certification.
Neither Federal Ministry of the Interior nor State of Ohio holds ISO 27001 certification.
Neither Federal Ministry of the Interior nor State of Ohio holds PCI DSS certification.
Neither Federal Ministry of the Interior nor State of Ohio holds HIPAA certification.
Neither Federal Ministry of the Interior nor State of Ohio holds GDPR certification.
Latest Global CVEs (Not Company-Specific)
Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can be exposed in error responses, creating an XSS risk if Content-Type isn't strictly enforced. This issue does not have a fix at the time of publication.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.
Risk Information
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
