IBEW
Company Details
Linkedin ID:
ibew
Website:
Employees number:
12,643
Number of followers:
135,973
NAICS:
23
Industry Type:
Homepage:
ibew.org
IP Addresses:
0
Company ID:
INT_1949526
Scan Status:
In-progress
International Brotherhood of Electrical Workers (IBEW) Company CyberSecurity Posture
ibew.org
The IBEW represents 860,000 active. and retired who work in a wide variety of fields, including utilities, construction, telecommunications, broadcasting, manufacturing, railroads and government. The IBEW has members in both the United States and Canada and stands out among the American unions in the AFL-CIO because it is among the largest and has members in so many skilled occupations. As union members, we bargain collectively with our employers over wages, benefits, and rights. Most of us have very limited bargaining power as one person, but as a group, we are strong. And, with a good negotiated contract, we have legal protections we would not have otherwise. Follow us on: Twitter: https://twitter.com/IBEW Facebook: https://www.facebook.com/IBEWFB YouTube: http://www.youtube.com/user/TheElectricalWorker
International Brotherhood of Electrical Workers (IBEW) A.I CyberSecurity Scoring
IBEW Risk Score (AI oriented)Between 700 and 749
IBEW
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
IBEW Global Score (TPRM)XXXX
IBEW
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
IBEW Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
NECA/IBEW Family Medical Care Plan
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving the NECA/IBEW Family Medical Care Plan on January 22, 2013. The breach occurred on December 28, 2012, and involved the inadvertent disclosure of members' Social Security numbers on envelopes sent to individuals. The number of individuals affected is unknown.
International Brotherhood of Electrical Workers Local 697
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The **International Brotherhood of Electrical Workers (IBEW) Local 697**, a labor union representing electricians in Lake and Newton counties, Indiana, suffered a **data breach** discovered on **August 1, 2025**. An unauthorized actor gained access to its network, compromising **personally identifiable information (PII)**, including **names and Social Security numbers (SSNs)** of current and former members. The breach was confirmed on **October 20, 2025**, after an investigation, though the exact number of affected individuals remains undisclosed.SSNs are highly sensitive, exposing victims to **identity theft, financial fraud, and long-term reputational harm**. The union responded by securing its network, engaging cybersecurity experts, and notifying affected individuals via mail starting **November 3, 2025**, along with reporting the incident to the **New Hampshire Attorney General**. To mitigate risks, IBEW Local 697 offered impacted members **free identity theft protection services**, including credit monitoring, CyberScan monitoring, **$1,000,000 in identity theft insurance**, and recovery assistance.The breach highlights the severe consequences of **employee data exposure**, particularly when critical identifiers like SSNs are involved, increasing the risk of fraudulent activities targeting union members.
IBEW Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for IBEW
Incidents vs Construction Industry Average (This Year)
International Brotherhood of Electrical Workers (IBEW) has 11.11% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
International Brotherhood of Electrical Workers (IBEW) has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types IBEW vs Construction Industry Avg (This Year)
International Brotherhood of Electrical Workers (IBEW) reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — IBEW (X = Date, Y = Severity)
IBEW cyber incidents detection timeline including parent company and subsidiaries
IBEW Company Subsidiaries
The IBEW represents 860,000 active. and retired who work in a wide variety of fields, including utilities, construction, telecommunications, broadcasting, manufacturing, railroads and government. The IBEW has members in both the United States and Canada and stands out among the American unions in the AFL-CIO because it is among the largest and has members in so many skilled occupations. As union members, we bargain collectively with our employers over wages, benefits, and rights. Most of us have very limited bargaining power as one person, but as a group, we are strong. And, with a good negotiated contract, we have legal protections we would not have otherwise. Follow us on: Twitter: https://twitter.com/IBEW Facebook: https://www.facebook.com/IBEWFB YouTube: http://www.youtube.com/user/TheElectricalWorker
Loading...
IBEW Similar Companies
Al Jaber Group
Al Jaber Group (AJC) is a privately owned, multi-disciplinary conglomerate, based in Abu Dhabi and with branches in the Kingdom of Saudi Arabia and Qatar. AJC provides its professional services in the construction, heavy lifting and logistics, manufacturing and trading sectors. With a workforce i
ALEC Holdings
ALEC Holdings, part of the Investment Corporate of Dubai (ICD), is a leading construction and related businesses group operating in the UAE and KSA. The company builds and provides construction solutions that set industry benchmarks for quality, safety, functionality, and aesthetics. ALEC Holdings
Andrade Gutierrez S.A.
Fundada em Belo Horizonte, Minas Gerais, a Andrade Gutierrez tem reconhecida expertise no segmento de construção pesada. Na década de 1990 iniciou a diversificação dos negócios com investimentos nas áreas de Concessões e Telecomunicações. Hoje o Grupo Andrade Gutierrez é um dos maiores conglomer
Founded in 1952 by Francis Bouygues, Bouygues is a diversified services group operating in over 80 countries with 200,000 employees all working to make life better every day. Its business activities in construction (Bouygues Construction, Bouygues Immobilier, Colas); energies & services (Equans); me
REXEL USA
REXEL, LEADING DISTRIBUTOR WORLDWIDE OF ELECTRICAL SUPPLIES Rexel, a global leader in the distribution of electrical supplies and services, serves three main end markets: industrial, commercial and residential. The Group operates in 38 countries, with a network of some 2,200 branches, a distributio
Hilti Group
Hilti stands for innovation and direct customer relationships. About 34,000 employees around the world, in more than 120 countries, contribute to making our customers’ work more productive, safer and more sustainable. We do this with our hardware, software and service offering. With roughly 280,000
Kiewit
At Kiewit, the projects we deliver make a difference, and we offer opportunities for you to make one, too. Our construction and engineering professionals work on some of the industry’s most complex, challenging and rewarding projects – whether it’s boring tunnels through mountains, turning rivers in
KEC International Ltd.
KEC International Limited, the flagship company of RPG Enterprises is a diversified global infrastructure Engineering, Procurement & Construction (EPC) major, with a presence in the verticals of Power Transmission & Distribution, Railways, Civil, Urban Infrastructure, Oil & Gas Pipelines, Solar, Sma
Skanska
Skanska Group uses knowledge & foresight to shape the way people live, work, and connect. More than 138 years in the making, we’re one of the world’s largest development and construction companies, with 2024 revenue totaling SEK 177 billion. We operate in select markets throughout the Nordics, Europ
.png)
IBEW CyberSecurity News
November 06, 2025 08:00 AM
IBEW Local 697 Data Breach Exposes Social Security Numbers
The International Brotherhood of Electrical Workers Local 697, a labor union representing electricians and related workers in Lake and...
July 24, 2025 07:00 AM
Spanberger offers plan to boost Virginia’s economy
Abigail Spanberger speaks at a union event in Manassas, where she was joined by IBEW Local Union 26 Business Manager Chris Cash.
July 14, 2025 07:00 AM
Claim form open in International Brotherhood of Electrical Workers Local No. 1 data breach settlement
Consumers whose personal information may have been compromised in the March 2024 data breach involving International Brotherhood of...
May 19, 2025 04:01 PM
AI Jobs Expand: Google to Train 100K Electricians
Google.org, the charitable arm of Google, is funding a nationwide push to expand the electrician workforce and weave AI skills into the...
May 01, 2025 07:00 AM
Google will pay to train 100,000 electric workers in bid to support AI infrastructure
Google to fund the training of 100000 US electrical workers over the next five years to support future AI infrastructure and increasing...
March 10, 2025 07:00 AM
Two Calvert Career and Technology Academy Teachers Receive Top Statewide Honors
Calvert County Public Schools is proud to announce that Rick Villano and Robin Burns, both teachers at the Calvert Career and Technology...
October 30, 2024 07:00 AM
Article | The labor union that stopped past proposals for a Western grid is backing this one
The International Brotherhood of Electrical Workers plans to sponsor legislation that would allow California to give up some of its authority over regional...
September 05, 2024 07:00 AM
Labor Union Faces Class Action for Data Breach
A class action complaint was filed against the International Brotherhood of Electrical Workers (IBEW) labor union for a data breach that occurred between March...
August 23, 2024 07:00 AM
IBEW Hit With Class Action Over Data Lost to Ransomware Attack
The International Brotherhood of Electrical Workers failed to protect sensitive files, allowing hackers to infiltrate its network and steal the names and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
IBEW CyberSecurity History Information
Official Website of International Brotherhood of Electrical Workers (IBEW)
The official website of International Brotherhood of Electrical Workers (IBEW) is http://www.ibew.org.
International Brotherhood of Electrical Workers (IBEW)’s AI-Generated Cybersecurity Score
According to Rankiteo, International Brotherhood of Electrical Workers (IBEW)’s AI-generated cybersecurity score is 723, reflecting their Moderate security posture.
How many security badges does International Brotherhood of Electrical Workers (IBEW)’ have ?
According to Rankiteo, International Brotherhood of Electrical Workers (IBEW) currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does International Brotherhood of Electrical Workers (IBEW) have SOC 2 Type 1 certification ?
According to Rankiteo, International Brotherhood of Electrical Workers (IBEW) is not certified under SOC 2 Type 1.
Does International Brotherhood of Electrical Workers (IBEW) have SOC 2 Type 2 certification ?
According to Rankiteo, International Brotherhood of Electrical Workers (IBEW) does not hold a SOC 2 Type 2 certification.
Does International Brotherhood of Electrical Workers (IBEW) comply with GDPR ?
According to Rankiteo, International Brotherhood of Electrical Workers (IBEW) is not listed as GDPR compliant.
Does International Brotherhood of Electrical Workers (IBEW) have PCI DSS certification ?
According to Rankiteo, International Brotherhood of Electrical Workers (IBEW) does not currently maintain PCI DSS compliance.
Does International Brotherhood of Electrical Workers (IBEW) comply with HIPAA ?
According to Rankiteo, International Brotherhood of Electrical Workers (IBEW) is not compliant with HIPAA regulations.
Does International Brotherhood of Electrical Workers (IBEW) have ISO 27001 certification ?
According to Rankiteo,International Brotherhood of Electrical Workers (IBEW) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of International Brotherhood of Electrical Workers (IBEW)
International Brotherhood of Electrical Workers (IBEW) operates primarily in the Construction industry.
Number of Employees at International Brotherhood of Electrical Workers (IBEW)
International Brotherhood of Electrical Workers (IBEW) employs approximately 12,643 people worldwide.
Subsidiaries Owned by International Brotherhood of Electrical Workers (IBEW)
International Brotherhood of Electrical Workers (IBEW) presently has no subsidiaries across any sectors.
International Brotherhood of Electrical Workers (IBEW)’s LinkedIn Followers
International Brotherhood of Electrical Workers (IBEW)’s official LinkedIn profile has approximately 135,973 followers.
NAICS Classification of International Brotherhood of Electrical Workers (IBEW)
International Brotherhood of Electrical Workers (IBEW) is classified under the NAICS code 23, which corresponds to Construction.
International Brotherhood of Electrical Workers (IBEW)’s Presence on Crunchbase
No, International Brotherhood of Electrical Workers (IBEW) does not have a profile on Crunchbase.
International Brotherhood of Electrical Workers (IBEW)’s Presence on LinkedIn
Yes, International Brotherhood of Electrical Workers (IBEW) maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ibew.
Cybersecurity Incidents Involving International Brotherhood of Electrical Workers (IBEW)
As of December 14, 2025, Rankiteo reports that International Brotherhood of Electrical Workers (IBEW) has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
International Brotherhood of Electrical Workers (IBEW) has an estimated 39,203 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at International Brotherhood of Electrical Workers (IBEW) ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does International Brotherhood of Electrical Workers (IBEW) detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with incident response experts engaged, and containment measures with network secured, and communication strategy with notification letters mailed to affected individuals (nov. 3, 2025); disclosure to new hampshire attorney general (nov. 4, 2025)..
Incident Details
Can you provide details on each incident ?
Title: Data Breach at NECA/IBEW Family Medical Care Plan
Description: The California Office of the Attorney General reported a data breach involving the NECA/IBEW Family Medical Care Plan on January 22, 2013. The breach occurred on December 28, 2012, and involved the inadvertent disclosure of members' Social Security numbers on envelopes sent to individuals. The number of individuals affected is unknown.
Date Detected: 2013-01-22
Date Publicly Disclosed: 2013-01-22
Type: Data Breach
Attack Vector: Inadvertent Disclosure
Title: Data Breach at International Brotherhood of Electrical Workers Local 697
Description: The International Brotherhood of Electrical Workers Local 697, a labor union representing electricians and related workers in Lake and Newton counties, Indiana, experienced a data breach. An unauthorized actor may have accessed or acquired personally identifiable information (PII), including names and Social Security numbers. The breach was detected on Aug. 1, 2025, and confirmed on Oct. 20, 2025. Affected individuals were notified by mail on Nov. 3, 2025, and the breach was disclosed to the New Hampshire Attorney General on Nov. 4, 2025. The union offered free IDX identity theft protection services to impacted individuals.
Date Detected: 2025-08-01
Date Publicly Disclosed: 2025-11-04
Type: Data Breach
Threat Actor: Unauthorized actor
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach IBE827072925
Data Compromised: Social security numbers
Incident : Data Breach IBE3502335110725
Data Compromised: Personally identifiable information (pii)
Brand Reputation Impact: Potential reputational damage due to exposure of sensitive PII (Social Security numbers)
Identity Theft Risk: High (Social Security numbers exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security numbers, Names, Social Security Numbers and .
Which entities were affected by each incident ?
Incident : Data Breach IBE827072925
Entity Name: NECA/IBEW Family Medical Care Plan
Entity Type: Healthcare
Industry: Healthcare
Location: California
Incident : Data Breach IBE3502335110725
Entity Name: International Brotherhood of Electrical Workers Local 697
Entity Type: Labor Union
Industry: Labor/Construction
Location: Lake and Newton counties, Indiana, USA
Customers Affected: Current and former members (exact number not disclosed)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach IBE3502335110725
Incident Response Plan Activated: True
Third Party Assistance: Incident response experts engaged
Containment Measures: Network secured
Communication Strategy: Notification letters mailed to affected individuals (Nov. 3, 2025); disclosure to New Hampshire Attorney General (Nov. 4, 2025)
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Incident response experts engaged.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach IBE827072925
Type of Data Compromised: Social Security numbers
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbers
Incident : Data Breach IBE3502335110725
Type of Data Compromised: Names, Social security numbers
Sensitivity of Data: High (PII, including Social Security numbers)
Data Exfiltration: Possible (unauthorized access or acquisition)
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by network secured.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach IBE3502335110725
Regulatory Notifications: Disclosed to New Hampshire Attorney General (Nov. 4, 2025)
References
Where can I find more information about each incident ?
Incident : Data Breach IBE827072925
Source: California Office of the Attorney General
Date Accessed: 2013-01-22
Incident : Data Breach IBE3502335110725
Source: International Brotherhood of Electrical Workers Local 697 Data Breach Notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2013-01-22, and Source: International Brotherhood of Electrical Workers Local 697 Data Breach Notice.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach IBE3502335110725
Investigation Status: Completed (as of Oct. 20, 2025)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notification letters mailed to affected individuals (Nov. 3, 2025); disclosure to New Hampshire Attorney General (Nov. 4 and 2025).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach IBE3502335110725
Stakeholder Advisories: Free IDX identity theft protection services offered (credit monitoring, CyberScan monitoring, $1,000,000 identity theft insurance, recovery services)
Customer Advisories: Affected individuals notified via mail (Nov. 3, 2025) with guidance on identity theft protection
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Free IDX identity theft protection services offered (credit monitoring, CyberScan monitoring, $1,000,000 identity theft insurance, recovery services), Affected individuals notified via mail (Nov. 3 and 2025) with guidance on identity theft protection.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Incident response experts engaged.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized actor.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2013-01-22.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-04.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security numbers, , Personally Identifiable Information (PII) and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Incident response experts engaged.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Network secured.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers and Personally Identifiable Information (PII).
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are International Brotherhood of Electrical Workers Local 697 Data Breach Notice and California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (as of Oct. 20, 2025).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Free IDX identity theft protection services offered (credit monitoring, CyberScan monitoring, $1,000,000 identity theft insurance, recovery services), .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Affected individuals notified via mail (Nov. 3 and 2025) with guidance on identity theft protection.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.
Risk Information
cvss2
Base: 2.6
Severity: HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument stud_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ibew' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
