Ingram Micro
Company Details
Linkedin ID:
ingram-micro
Website:
Employees number:
28,653
Number of followers:
565,711
NAICS:
5415
Industry Type:
Homepage:
http://www.ingrammicro.com
IP Addresses:
0
Company ID:
ING_5511879
Scan Status:
In-progress
Ingram Micro Company CyberSecurity Posture
http://www.ingrammicro.com
Ingram Micro is a leading technology company for the global information technology ecosystem. With the ability to reach nearly 90% of the global population, we play a vital role in the worldwide IT sales channel, bringing products and services from technology manufacturers and cloud providers to a highly diversified base of business-to-business technology experts. Through Ingram Micro Xvantage™, our AI-powered digital platform, we offer what we believe to be the industry’s first comprehensive business-to-consumer-like experience, integrating hardware and cloud subscriptions, personalized recommendations, instant pricing, order tracking, and billing automation. We also provide a broad range of technology services, including financing, specialized marketing, and lifecycle management, as well as technical pre- and post-sales professional support. Learn more at www.ingrammicro.com.
Ingram Micro A.I CyberSecurity Scoring
Ingram Micro Risk Score (AI oriented)Between 0 and 549
Ingram Micro
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Ingram Micro Global Score (TPRM)XXXX
Ingram Micro
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Ingram Micro Company CyberSecurity News & History
Past Incidents
3
Attack Types
1
Ingram Micro
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The cybercriminals claiming responsibility for Ingram Micro's ransomware attack put a deadline on leaking its data nearly a month after the raid. The SafePay ransomware group posted Ingram Micro to its leak blog on July 29, saying it intends to release 3.5 TB of company data on August 1. In typical double extortion ransomware scenarios, attackers post information about the victim to a leak blog as a pressure tactic. The idea is to heighten publicity about the attack, encouraging the victim to pay the attacker's extortion demands. Ingram Micro confirms ransomware behind multi-day outage.
Ingram Micro
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Ingram Micro, a major U.S.-based technology distributor and managed services provider, suffered a **ransomware attack** starting on **Thursday**, leading to a **prolonged outage** of its website and core network systems. The disruption has **halted order processing**, causing delays in software licensing and preventing customers from accessing or provisioning critical products tied to Ingram’s infrastructure. The attack, attributed to the **SafePay ransomware gang** (though unconfirmed by the company), has forced Ingram Micro to alert shareholders ahead of market opening. While no data breach details have been publicly confirmed, ransomware groups often **exfiltrate sensitive data** before encrypting systems, raising concerns about potential **data leaks or financial extortion**. The outage has **crippled operations** for Ingram’s global clientele, including smaller businesses reliant on its IT services, risking **financial losses, reputational damage, and operational paralysis** until systems are restored. The incident underscores the severe impact of ransomware on supply chains and third-party service providers.
Ingram Micro Holding Corporation
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Ingram Micro Holding Corporation experienced a significant cybersecurity incident where a ransomware attack disrupted its global operations. The attack, identified on July 5, 2025, affected critical internal systems including order processing, inventory management, and customer relationship functions. The malware encrypted files and employed sophisticated evasion techniques, impacting millions of downstream customers. Ingram Micro responded swiftly, taking affected systems offline and implementing containment protocols to prevent further data encryption. The recovery process included system reimaging and enhanced monitoring solutions to mitigate future risks.
Ingram Micro Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Ingram Micro
Incidents vs IT Services and IT Consulting Industry Average (This Year)
Ingram Micro has 455.56% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Ingram Micro has 368.75% more incidents than the average of all companies with at least one recorded incident.
Incident Types Ingram Micro vs IT Services and IT Consulting Industry Avg (This Year)
Ingram Micro reported 3 incidents this year: 0 cyber attacks, 3 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Ingram Micro (X = Date, Y = Severity)
Ingram Micro cyber incidents detection timeline including parent company and subsidiaries
Ingram Micro Company Subsidiaries
Ingram Micro is a leading technology company for the global information technology ecosystem. With the ability to reach nearly 90% of the global population, we play a vital role in the worldwide IT sales channel, bringing products and services from technology manufacturers and cloud providers to a highly diversified base of business-to-business technology experts. Through Ingram Micro Xvantage™, our AI-powered digital platform, we offer what we believe to be the industry’s first comprehensive business-to-consumer-like experience, integrating hardware and cloud subscriptions, personalized recommendations, instant pricing, order tracking, and billing automation. We also provide a broad range of technology services, including financing, specialized marketing, and lifecycle management, as well as technical pre- and post-sales professional support. Learn more at www.ingrammicro.com.
Loading...
Ingram Micro Similar Companies
ITC Infotech
ITC Infotech is a global technology solution and services leader providing business-friendly solutions, that enable future-readiness for clients. We seamlessly bring together digital expertise, strong industry-specific alliances, and deep domain expertise from ITC Group businesses. Our solutions and
Minsait
We are one of the world's leading consultancies in technological services for companies and the public sector. With headquarters in Spain and presence in more than 100 countries, we combine experience in AI, data, cloud and cybersecurity to help companies and organizations generate a positive impact
SoftwareOne
SoftwareOne is a leading global software and cloud solutions provider that is redefining how companies build, buy and manage everything in the cloud. By helping clients to migrate and modernize their workloads and applications – and in parallel, to navigate and optimize the resulting software and cl
Allianz Technology
With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 13,000 employees in more than 20 countries around the world, Allianz Technology is tasked to run, optimize, transform,
NCS Group
NCS, a subsidiary of Singtel Group, is a leading technology services firm with presence in Asia Pacific and partners with governments and enterprises to advance communities through technology. Combining the experience and expertise of its 13,000-strong team across 57 specialisations, NCS provides di
As No. 1, we inspire people in the connected world. With the latest technologies and innovations, together we have the opportunity to shape the future. To do this, we are and act trustworthy, committed and curious. Are you with us? Join us on this exciting journey and work with us or in one of the
AlmavivA Group
Almaviva is synonymous with digital innovation. Proven experience, unique skills, ongoing research and in-depth knowledge of a range of public and private market sectors are what make it the leading Italian Group in Information & Communications Technology. Almaviva leads the Country growth and take
FPT Software, a subsidiary of FPT Corporation, is a global technology and IT services provider headquartered in Vietnam, with USD 1.22 billion in revenue (2024) and over 33,000 employees in 30 countries. The company champions complex business opportunities and challenges with its world-class servic
We automate, digitize and transform the way people bank and shop. We offer proven expertise and comprehensive portfolios in cutting-edge product technology, multi-vendor software and service excellence for financial and retail customers. Consumer behavior is changing rapidly; people are empowered a
.png)
Ingram Micro CyberSecurity News
November 05, 2025 08:00 AM
Ingram Micro CEO Paul Bay On AI, Services And Cybersecurity Push: ‘Together, We Can Drive Unlimited Potential’
“Right now, we sit in the middle of a $5 trillion global ecosystem,” said Ingram Micro CEO Paul Bay from the stage at its One conference. “...
October 17, 2025 07:00 AM
Ingram Micro CEO On Automation, AI, Working With Hyperscalers And Recovering From A Ransomware Attack
Ingram Micro CEO Paul Bay talked about the state of the channel and the ransomware attack that hit the distributor earlier this year during...
October 03, 2025 07:00 AM
Symposium 2025: Ingram Micro boosts the channel with Xvantage, cybersecurity and AI
Digital AV Magazine, portal especializado en información sobre tecnologías y tendencias en audio y video en entornos profesionales.
September 18, 2025 07:00 AM
Ingram Micro CEO Paul Bay Reflects on Ransomware Event
Ingram Micro CEO Paul Bay shared that the Xvantage platform helped the distributor overcome its ransomware attack more quickly.
August 21, 2025 07:00 AM
Ingram Micro adds AlgoSec to supplier line-up
Distributor Ingram Micro has added US-based cybersecurity company AlgoSec to its line-up of suppliers. Through the collaboration, Ingram...
August 20, 2025 07:00 AM
AlgoSec joins Ingram Micro line-up to improve hybrid cloud protection and compliance
Ingram Micro has added cybersecurity outfit AlgoSec to its vendor line-up, strengthening partner solutions to secure hybrid cloud networks...
August 19, 2025 07:00 AM
Ingram Micro partners with AlgoSec to boost hybrid cloud security
Ingram Micro partners with AlgoSec to enhance cybersecurity for hybrid and multi-cloud environments in Australia and New Zealand,...
August 06, 2025 07:00 AM
The Ingram Micro Hack and Increasing Concerns Around Digital Supply Chain Security
Last month's ransomware attack on Ingram Micro, a multibillion-dollar global technology distributor, was a reminder of not only the...
August 05, 2025 07:00 AM
Ingram Micro Data Breach Lawsuit Investigation
If you were affected by the Ingram Micro data breach, you may be entitled to compensation.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Ingram Micro CyberSecurity History Information
Official Website of Ingram Micro
The official website of Ingram Micro is http://www.ingrammicro.com.
Ingram Micro’s AI-Generated Cybersecurity Score
According to Rankiteo, Ingram Micro’s AI-generated cybersecurity score is 440, reflecting their Critical security posture.
How many security badges does Ingram Micro’ have ?
According to Rankiteo, Ingram Micro currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Ingram Micro have SOC 2 Type 1 certification ?
According to Rankiteo, Ingram Micro is not certified under SOC 2 Type 1.
Does Ingram Micro have SOC 2 Type 2 certification ?
According to Rankiteo, Ingram Micro does not hold a SOC 2 Type 2 certification.
Does Ingram Micro comply with GDPR ?
According to Rankiteo, Ingram Micro is not listed as GDPR compliant.
Does Ingram Micro have PCI DSS certification ?
According to Rankiteo, Ingram Micro does not currently maintain PCI DSS compliance.
Does Ingram Micro comply with HIPAA ?
According to Rankiteo, Ingram Micro is not compliant with HIPAA regulations.
Does Ingram Micro have ISO 27001 certification ?
According to Rankiteo,Ingram Micro is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Ingram Micro
Ingram Micro operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Ingram Micro
Ingram Micro employs approximately 28,653 people worldwide.
Subsidiaries Owned by Ingram Micro
Ingram Micro presently has no subsidiaries across any sectors.
Ingram Micro’s LinkedIn Followers
Ingram Micro’s official LinkedIn profile has approximately 565,711 followers.
NAICS Classification of Ingram Micro
Ingram Micro is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Ingram Micro’s Presence on Crunchbase
Yes, Ingram Micro has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/ingram-micro.
Ingram Micro’s Presence on LinkedIn
Yes, Ingram Micro maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ingram-micro.
Cybersecurity Incidents Involving Ingram Micro
As of November 30, 2025, Rankiteo reports that Ingram Micro has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Ingram Micro has an estimated 36,626 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Ingram Micro ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
How does Ingram Micro detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with taking affected systems offline, containment measures with preventing lateral movement, and remediation measures with comprehensive system reimaging, remediation measures with backup restoration, and recovery measures with implementation of enhanced monitoring solutions, and enhanced monitoring with implementation of enhanced monitoring solutions, and containment measures with ingram micro previously said it had contained the incident, and remediation measures with restored global business operations, remediation measures with restored some of its lesser-used websites, and communication strategy with ingram micro's public information page update, communication strategy with complaints about communications, and and containment measures with system shutdown to limit spread, and remediation measures with restoring systems to resume order processing, and communication strategy with public disclosure to shareholders, communication strategy with brief statements to media..
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on Ingram Micro Holding Corporation
Description: Ingram Micro Holding Corporation suffered a significant ransomware attack that disrupted its global operations and affected millions of downstream customers. The attack targeted critical internal systems, and the company took immediate containment measures to prevent further data encryption.
Date Detected: 2025-07-05
Type: Ransomware
Attack Vector: Undisclosed attack vectorsDLL side-loading techniquesProcess hollowing techniques
Motivation: Financial gain
Title: Ingram Micro Ransomware Attack
Description: Cybercriminals claiming responsibility for Ingram Micro's ransomware attack put a deadline on leaking its data nearly a month after the raid.
Date Publicly Disclosed: 2023-07-29
Type: Ransomware
Threat Actor: SafePay ransomware group
Motivation: Extortion
Title: Ransomware Attack on Ingram Micro Causes Major Outage
Description: Ingram Micro, a U.S. technology distributing giant and managed services provider, experienced a ransomware attack that caused an ongoing outage. The attack began on Thursday, leading to the shutdown of the company’s website and much of its network. The outage is affecting software licensing, preventing customers from using or provisioning some products that rely on Ingram’s systems. The SafePay ransomware gang is reportedly responsible, though no major group has officially taken credit. Ingram Micro is working to restore systems to resume order processing.
Date Detected: 2024-02-15T00:00:00Z
Date Publicly Disclosed: 2024-02-19T00:00:00Z
Type: ransomware
Threat Actor: SafePay ransomware gang (reported)
Motivation: financial extortion (presumed)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware ING857071225
Systems Affected: Order processingInventory managementCustomer relationship functions
Downtime: ['Four days']
Operational Impact: Global operations disruption
Incident : Ransomware ING406073025
Data Compromised: 3.5 tb of company data
Operational Impact: Global business operations disruptedWebsites offline
Customer Complaints: ["Complaints about the company's communications"]
Brand Reputation Impact: Publicity about the attack
Incident : ransomware ING1802018100325
Systems Affected: websitenetwork infrastructureorder processing systemssoftware licensing systems
Downtime: {'start': '2024-02-15T00:00:00Z', 'end': None, 'duration': 'ongoing (as of 2024-02-19)'}
Operational Impact: halted order processingdisrupted software licensing for customersprevented provisioning of products relying on Ingram’s systems
Brand Reputation Impact: potential damage due to prolonged outage and ransomware association
Which entities were affected by each incident ?
Incident : Ransomware ING857071225
Entity Name: Ingram Micro Holding Corporation
Entity Type: Technology distribution company
Industry: Technology
Location: Global
Customers Affected: Millions of downstream customers
Incident : Ransomware ING406073025
Entity Name: Ingram Micro
Entity Type: Company
Industry: Technology
Location: Global
Incident : ransomware ING1802018100325
Entity Name: Ingram Micro
Entity Type: technology distributor, managed services provider
Industry: technology distribution and IT services
Location: California, United States
Size: large (global operations)
Customers Affected: corporate customers (especially smaller businesses relying on Ingram’s cloud/IT services)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware ING857071225
Containment Measures: Taking affected systems offlinePreventing lateral movement
Remediation Measures: Comprehensive system reimagingBackup restoration
Recovery Measures: Implementation of enhanced monitoring solutions
Enhanced Monitoring: Implementation of enhanced monitoring solutions
Incident : Ransomware ING406073025
Containment Measures: Ingram Micro previously said it had contained the incident
Remediation Measures: Restored global business operationsRestored some of its lesser-used websites
Communication Strategy: Ingram Micro's public information page updateComplaints about communications
Incident : ransomware ING1802018100325
Incident Response Plan Activated: True
Containment Measures: system shutdown to limit spread
Remediation Measures: restoring systems to resume order processing
Communication Strategy: public disclosure to shareholdersbrief statements to media
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware ING857071225
Data Encryption: ['Files encryption across certain internal systems']
Incident : Ransomware ING406073025
Data Exfiltration: 3.5 TB of company data
Incident : ransomware ING1802018100325
Data Exfiltration: suspected (common tactic for ransomware gangs, but unconfirmed)
Data Encryption: likely (ransomware attack)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Comprehensive system reimaging, Backup restoration, , Restored global business operations, Restored some of its lesser-used websites, , restoring systems to resume order processing, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by taking affected systems offline, preventing lateral movement, , ingram micro previously said it had contained the incident, , system shutdown to limit spread and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware ING857071225
Data Encryption: ['Files encryption across certain internal systems']
Incident : Ransomware ING406073025
Ransom Paid: Did not pay up
Ransomware Strain: SafePay
Data Exfiltration: ['3.5 TB of company data']
Incident : ransomware ING1802018100325
Ransomware Strain: SafePay (reported)
Data Encryption: True
Data Exfiltration: suspected
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Implementation of enhanced monitoring solutions, .
References
Where can I find more information about each incident ?
Incident : Ransomware ING406073025
Source: The Register
Incident : ransomware ING1802018100325
Source: Bleeping Computer
Incident : ransomware ING1802018100325
Source: Ingram Micro public statement (2024-02-19)
Date Accessed: 2024-02-19
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: The Register, and Source: Bleeping Computer, and Source: Ingram Micro public statement (2024-02-19)Date Accessed: 2024-02-19.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : ransomware ING1802018100325
Investigation Status: ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Ingram Micro'S Public Information Page Update, Complaints About Communications, Public Disclosure To Shareholders and Brief Statements To Media.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : ransomware ING1802018100325
Stakeholder Advisories: Shareholders Notified Before U.S. Market Opening On 2024-02-19.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Shareholders Notified Before U.S. Market Opening On 2024-02-19.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Ransomware ING857071225
High Value Targets: Order Processing, Inventory Management, Customer Relationship Functions,
Data Sold on Dark Web: Order Processing, Inventory Management, Customer Relationship Functions,
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Implementation Of Enhanced Monitoring Solutions, .
Additional Questions
General Information
Has the company ever paid ransoms ?
Ransom Payment History: The company has Paid ransoms in the past.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an SafePay ransomware group and SafePay ransomware gang (reported).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-07-05.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-02-19T00:00:00Z.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were 3.5 TB of company data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Order processingInventory managementCustomer relationship functions and websitenetwork infrastructureorder processing systemssoftware licensing systems.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Taking affected systems offlinePreventing lateral movement, Ingram Micro previously said it had contained the incident and system shutdown to limit spread.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was 3.5 TB of company data.
Ransomware Information
What was the highest ransom paid in a ransomware incident ?
Highest Ransom Paid: The highest ransom paid in a ransomware incident was ['Did not pay up'].
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are The Register, Bleeping Computer and Ingram Micro public statement (2024-02-19).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was shareholders notified before U.S. market opening on 2024-02-19, .
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. A high complexity level is associated with this attack. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 1.2
Severity: HIGH
AV:L/AC:H/Au:N/C:P/I:N/A:N
cvss3
Base: 2.0
Severity: HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 1.0
Severity: HIGH
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has permission to access the associated interview record. Because the server does not perform any recruitment-level authorization checks, an ESS-level user with no access to recruitment workflows can directly request interview attachment URLs and receive the corresponding files. This exposes confidential interview documents—including candidate CVs, evaluations, and supporting files—to unauthorized users. The issue arises from relying on predictable object identifiers and session presence rather than validating the user’s association with the relevant recruitment process. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no permission to view the Recruitment module, can directly access candidate attachment URLs. When an authenticated request is made to the attachment endpoint, the system validates the session but does not confirm that the requesting user has the necessary recruitment permissions. As a result, any authenticated user can download CVs and other uploaded documents for arbitrary candidates by issuing direct requests to the attachment endpoint, leading to unauthorized exposure of sensitive applicant data. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ingram-micro' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
