KeyBank
Company Details
Linkedin ID:
keybank
Website:
Employees number:
18,726
Number of followers:
120,103
NAICS:
52211
Industry Type:
Homepage:
https://www.key.com
IP Addresses:
0
Company ID:
KEY_1234491
Scan Status:
In-progress
KeyBank Company CyberSecurity Posture
https://www.key.com
At KeyBank we’ve made a promise to our clients that they will always have a champion in us. To deliver on our promise, we’re committed to building a team of engaged employees who do the right thing for our clients and shareholders, and help them achieve financial wellness each and every day. Headquartered in Cleveland, Ohio, KeyCorp is one of the nation’s largest financial services companies. Key Companies provide investment management, retail and commercial banking, consumer finance and investment banking products to individuals and companies throughout the United States and, for certain businesses, internationally. Follow along for business and industry insights, expert advice and more resources to help you achieve your financial goals. KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. KeyBank is Member FDIC. Equal Housing Lender. Credit applications are subject to credit approval.
KeyBank A.I CyberSecurity Scoring
KeyBank Risk Score (AI oriented)Between 550 and 599
KeyBank
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
KeyBank Global Score (TPRM)XXXX
KeyBank
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
KeyBank Company CyberSecurity News & History
Past Incidents
6
Attack Types
1
KeyBank
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported a data breach involving KeyBank on August 26, 2022. The breach occurred on July 5, 2022, when an unauthorized external party gained remote access to the Overby-Seawell Company (OSC) network, affecting KeyBank clients' mortgage information. The specific number of individuals affected is unknown.
KeyBank
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Washington State Office of the Attorney General reported a data breach involving KeyBank on August 26, 2022. The breach, which occurred between May 26, 2022, and July 12, 2022, affected 54,295 residents, with compromised information including names, mortgage details, and home insurance information. Social Security numbers were not impacted.
KeyBank
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On May 12, 2023, KeyBank experienced a data breach caused by insider wrongdoing, as reported by the Maine Attorney General's Office on June 7, 2023. The incident compromised sensitive information, including financial account numbers and personal details of **181 individuals**, among whom **3 were residents of Maine**. The exposed data poses a significant risk of identity theft and financial fraud. In response, KeyBank is providing affected individuals with **two years of identity theft protection** through **Equifax Complete Premier** to mitigate potential harm. The breach highlights vulnerabilities in internal controls, as the compromise stemmed from malicious or negligent actions by an employee or trusted insider. While the scale of the breach is relatively contained in terms of affected individuals, the nature of the exposed data—financial and personal—heightens the severity due to the potential for long-term fraudulent exploitation.
KeyBank
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: KeyBank suffered a breach incident because of a third-party vendor that serves multiple corporate clients. The hackers stole personal data including Social Security numbers, addresses, and account numbers of home mortgage holders. KeyBank notified all affected individuals about the breach.
KeyBank
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The breach reported by KeyBank on February 5, 2021, involved unauthorized access to customer accounts. The compromised information included names, addresses, account numbers, account balances, and transaction details. The number of affected individuals is unknown, but the breach has significant implications for customer trust and potential financial fraud.
KeyBank N.A.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On February 11, 2025, the Maine Office of the Attorney General reported a data breach involving KeyBank N.A., which occurred on December 13, 2024, due to an external system breach (hacking). The breach affected 1,227 individuals in total, with 13 residents experiencing compromised personal information, including names, Social Security numbers, and account details. Identity theft protection services were offered to affected individuals.
KeyBank Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for KeyBank
Incidents vs Banking Industry Average (This Year)
No incidents recorded for KeyBank in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for KeyBank in 2025.
Incident Types KeyBank vs Banking Industry Avg (This Year)
No incidents recorded for KeyBank in 2025.
Incident History — KeyBank (X = Date, Y = Severity)
KeyBank cyber incidents detection timeline including parent company and subsidiaries
KeyBank Company Subsidiaries
At KeyBank we’ve made a promise to our clients that they will always have a champion in us. To deliver on our promise, we’re committed to building a team of engaged employees who do the right thing for our clients and shareholders, and help them achieve financial wellness each and every day. Headquartered in Cleveland, Ohio, KeyCorp is one of the nation’s largest financial services companies. Key Companies provide investment management, retail and commercial banking, consumer finance and investment banking products to individuals and companies throughout the United States and, for certain businesses, internationally. Follow along for business and industry insights, expert advice and more resources to help you achieve your financial goals. KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. KeyBank is Member FDIC. Equal Housing Lender. Credit applications are subject to credit approval.
Loading...
KeyBank Similar Companies
Bank of India
Welcome to Bank of India's official LinkedIn page! Join us & stay tuned to learn about our products, exciting offers & latest happenings. Bank of India was founded on 7th September, 1906 by a group of eminent business professionals from Mumbai. The Bank was under private ownership and control till J
Crédit Mutuel
Un modèle mutualiste au service des clients et des salariés. Réseau bancaire mutualiste constitué de 2124 Caisses locales le Crédit Mutuel se compose de 18 fédérations régionales, couvrant tout le territoire français. Société de personnes et non de capitaux, le Crédit Mutuel n’est pas coté en Bou
RBL Bank
RBL Bank is one of India’s fastest growing private sector banks with an expanding presence across the country. The Bank offers specialized services under six business verticals namely: Corporate & Institutional Banking, Commercial Banking, Branch & Business Banking, Retail Assets and Treasury and Fi
Societe Generale is one of the leading European financial services groups. Based on a diversified and integrated banking model, the Group combines financial strength and proven expertise in innovation with a strategy of sustainable growth. Committed to the positive transformations of the world’s soc
BNP Paribas
BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 64 countries, with more than 178,000 employees, including more than 144,000 in Europe. BNP Paribas holds leading positions in its three major operating divisions: ⚆ Commercial, Personal Banking & Services for
Groupe BPCE
Groupe BPCE, at the service of its customers and the French economy Groupe BPCE pursues a full range of banking and insurance activities, working through its two major Banque Populaire and Caisse d’Epargne cooperative banking networks and through its different subsidiaries. Groupe BPCE, the 2n
At Citizens, we recognize that the journey to accomplishment is no longer linear and that individuals are made of all they have done and all they are going to do. As one of the oldest and largest financial services firms in the United States with a history dating back to 1828, we’re committed to pro
Banco de Crédito BCP
Somos el banco peruano que desde hace más de 130 años viene liderando el sistema financiero a nivel nacional. A lo largo de todo este tiempo hemos contribuido con el desarrollo económico de nuestro país, transformando planes en realidad. Todo esto es posible gracias al equipo de profesionales de p
Handelsbanken
We are Europe's safest commercial bank, with roots in local communities throughout Sweden, the Netherlands, Norway, and the UK. Across a range of digital and physical meeting places, our branch teams offer ‘up close and personal’ financial advice and solutions, based on customers’ individual needs.
.png)
KeyBank CyberSecurity News
November 10, 2025 08:00 AM
Fed points to market froth as leading stability risk; What KeyBank's new embedded banking boss has planned
November 07, 2025 08:00 AM
What KeyBank's new embedded banking boss has planned
Eric Girard, who became KeyBank's head of embedded banking and co-head of commercial product in October, is aiming to make the technology...
November 03, 2025 08:00 AM
Capital strategies in 2025: How middle market companies secure, spend and save
Nearly half of middle market companies are actively pursuing capital to fund new initiatives, according to KeyBank's latest Middle Market...
October 30, 2025 07:00 AM
Cyber and fraud incidents are the new normal: Are you prepared or vulnerable?
In a recent KeyBank survey of owners and executives of U.S. businesses, data shows seven in ten companies polled reported experiencing a...
October 27, 2025 07:00 AM
Key Commercial Bank Appoints Industry Veteran Eric Girard to Head Embedded Banking
Key Commercial Bank has named its head of commercial onboarding, Eric Girard, to be its head of embedded banking and its co-head of...
October 24, 2025 07:00 AM
KeyBank Celebrates Opening of New, Full-Service Branch in Akron, Grant To Support a Local Non-Profit
New branch is designed to give clients a more personal and accessible banking experience AKRON, OH / ACCESS Newswire / October 24,...
October 09, 2025 07:00 AM
Key Bank: U.S. small businesses are in ‘survival mode’
KeyBank's Small Business Survey finds one in four small business owners are in survival mode as they face inflation, tariffs,...
October 08, 2025 07:00 AM
Key BANk/Kpcdomax and Apollo/NexusAPOgo: new scams on WhatsApp using legitimate bank names (ANALYSIS)
WhatsApp apps and groups promise safe stock investments, but behind Key BANk/Kpcdomax and Apollo/NexusAPOgo lies a financial deception that...
October 01, 2025 07:00 AM
City of Mansfield recovers almost all of $748,000 stolen in May email scam
By working with law enforcement, banking partners and the City of Mansfield's insurance carriers, Finance Director Kelly Converse said the...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
KeyBank CyberSecurity History Information
Official Website of KeyBank
The official website of KeyBank is https://www.key.com.
KeyBank’s AI-Generated Cybersecurity Score
According to Rankiteo, KeyBank’s AI-generated cybersecurity score is 584, reflecting their Very Poor security posture.
How many security badges does KeyBank’ have ?
According to Rankiteo, KeyBank currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does KeyBank have SOC 2 Type 1 certification ?
According to Rankiteo, KeyBank is not certified under SOC 2 Type 1.
Does KeyBank have SOC 2 Type 2 certification ?
According to Rankiteo, KeyBank does not hold a SOC 2 Type 2 certification.
Does KeyBank comply with GDPR ?
According to Rankiteo, KeyBank is not listed as GDPR compliant.
Does KeyBank have PCI DSS certification ?
According to Rankiteo, KeyBank does not currently maintain PCI DSS compliance.
Does KeyBank comply with HIPAA ?
According to Rankiteo, KeyBank is not compliant with HIPAA regulations.
Does KeyBank have ISO 27001 certification ?
According to Rankiteo,KeyBank is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of KeyBank
KeyBank operates primarily in the Banking industry.
Number of Employees at KeyBank
KeyBank employs approximately 18,726 people worldwide.
Subsidiaries Owned by KeyBank
KeyBank presently has no subsidiaries across any sectors.
KeyBank’s LinkedIn Followers
KeyBank’s official LinkedIn profile has approximately 120,103 followers.
NAICS Classification of KeyBank
KeyBank is classified under the NAICS code 52211, which corresponds to Commercial Banking.
KeyBank’s Presence on Crunchbase
No, KeyBank does not have a profile on Crunchbase.
KeyBank’s Presence on LinkedIn
Yes, KeyBank maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/keybank.
Cybersecurity Incidents Involving KeyBank
As of December 23, 2025, Rankiteo reports that KeyBank has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
KeyBank has an estimated 7,108 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at KeyBank ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does KeyBank detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notified all affected individuals, and third party assistance with equifax (for identity theft protection services), and remediation measures with offering two years of identity theft protection (equifax complete premier) to affected individuals, and communication strategy with public disclosure via maine attorney general's office; likely direct notification to affected individuals..
Incident Details
Can you provide details on each incident ?
Title: KeyBank Data Breach via Third-Party Vendor
Description: KeyBank suffered a breach incident because of a third-party vendor that serves multiple corporate clients. The hackers stole personal data including Social Security numbers, addresses, and account numbers of home mortgage holders. KeyBank notified all affected individuals about the breach.
Type: Data Breach
Attack Vector: Third-Party Vendor
Title: KeyBank Data Breach
Description: Unauthorized access to customer accounts involving names, addresses, account numbers, account balances, and transaction details.
Date Detected: 2021-02-05
Date Publicly Disclosed: 2021-02-05
Type: Data Breach
Attack Vector: Unauthorized Access
Title: KeyBank Data Breach
Description: The Washington State Office of the Attorney General reported a data breach involving KeyBank on August 26, 2022. The breach, which occurred between May 26, 2022, and July 12, 2022, affected 54,295 residents, with compromised information including names, mortgage details, and home insurance information. Social Security numbers were not impacted.
Date Detected: 2022-07-12
Date Publicly Disclosed: 2022-08-26
Type: Data Breach
Title: KeyBank N.A. Data Breach
Description: A data breach involving KeyBank N.A. occurred on December 13, 2024, due to an external system breach (hacking). The breach affected 1,227 individuals in total, with 13 residents experiencing compromised personal information, including names, Social Security numbers, and account details. Identity theft protection services were offered to affected individuals.
Date Detected: 2024-12-13
Date Publicly Disclosed: 2025-02-11
Type: Data Breach
Attack Vector: External System Breach (Hacking)
Title: KeyBank Data Breach
Description: The California Office of the Attorney General reported a data breach involving KeyBank on August 26, 2022. The breach occurred on July 5, 2022, when an unauthorized external party gained remote access to the Overby-Seawell Company (OSC) network, affecting KeyBank clients' mortgage information. The specific number of individuals affected is unknown.
Date Detected: 2022-07-05
Date Publicly Disclosed: 2022-08-26
Type: Data Breach
Attack Vector: Remote Access
Threat Actor: Unauthorized External Party
Title: KeyBank Data Breach Due to Insider Wrongdoing
Description: The Maine Attorney General's Office reported a data breach involving KeyBank on June 7, 2023. The breach occurred on May 12, 2023, due to insider wrongdoing, affecting 181 individuals, including 3 residents of Maine. The compromised information included financial account numbers and personal details, and KeyBank is offering two years of identity theft protection through Equifax Complete Premier.
Date Detected: 2023-05-12
Date Publicly Disclosed: 2023-06-07
Type: Data Breach
Attack Vector: Insider Threat
Threat Actor: Insider (Employee/Associate)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach KEY2114141122
Data Compromised: Social security numbers, Addresses, Account numbers
Incident : Data Breach KEY253072625
Data Compromised: Names, Addresses, Account numbers, Account balances, Transaction details
Incident : Data Breach KEY427072625
Data Compromised: Names, Mortgage details, Home insurance information
Incident : Data Breach KEY146072725
Data Compromised: Names, Social security numbers, Account details
Identity Theft Risk: High
Incident : Data Breach KEY526080525
Data Compromised: Mortgage Information
Incident : Data Breach KEY717082025
Data Compromised: Financial account numbers, Personal details
Brand Reputation Impact: Potential reputational damage due to insider breach and exposure of sensitive data
Identity Theft Risk: High (financial account numbers and personal details exposed)
Payment Information Risk: High (financial account numbers compromised)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security Numbers, Addresses, Account Numbers, , Names, Addresses, Account Numbers, Account Balances, Transaction Details, , Names, Mortgage Details, Home Insurance Information, , Names, Social Security Numbers, Account Details, , Mortgage Information, Financial Account Numbers, Personal Details and .
Which entities were affected by each incident ?
Incident : Data Breach KEY2114141122
Entity Name: KeyBank
Entity Type: Corporation
Industry: Financial Services
Incident : Data Breach KEY253072625
Entity Name: KeyBank
Entity Type: Financial Institution
Industry: Banking
Incident : Data Breach KEY427072625
Entity Name: KeyBank
Entity Type: Financial Institution
Industry: Banking
Customers Affected: 54295
Incident : Data Breach KEY146072725
Entity Name: KeyBank N.A.
Entity Type: Financial Institution
Industry: Banking
Customers Affected: 1227
Incident : Data Breach KEY526080525
Entity Name: KeyBank
Entity Type: Financial Institution
Industry: Banking
Incident : Data Breach KEY717082025
Entity Name: KeyBank
Entity Type: Financial Institution
Industry: Banking/Financial Services
Location: United States
Customers Affected: 181
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach KEY2114141122
Communication Strategy: Notified all affected individuals
Incident : Data Breach KEY717082025
Third Party Assistance: Equifax (for identity theft protection services)
Remediation Measures: Offering two years of identity theft protection (Equifax Complete Premier) to affected individuals
Communication Strategy: Public disclosure via Maine Attorney General's Office; likely direct notification to affected individuals
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Equifax (for identity theft protection services).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach KEY2114141122
Type of Data Compromised: Social security numbers, Addresses, Account numbers
Incident : Data Breach KEY253072625
Type of Data Compromised: Names, Addresses, Account numbers, Account balances, Transaction details
Personally Identifiable Information: namesaddresses
Incident : Data Breach KEY427072625
Type of Data Compromised: Names, Mortgage details, Home insurance information
Number of Records Exposed: 54295
Personally Identifiable Information: names
Incident : Data Breach KEY146072725
Type of Data Compromised: Names, Social security numbers, Account details
Number of Records Exposed: 1227
Sensitivity of Data: High
Incident : Data Breach KEY526080525
Type of Data Compromised: Mortgage Information
Incident : Data Breach KEY717082025
Type of Data Compromised: Financial account numbers, Personal details
Number of Records Exposed: 181
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Offering two years of identity theft protection (Equifax Complete Premier) to affected individuals.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach KEY717082025
Regulatory Notifications: Maine Attorney General's Office (and potentially other state regulators, given the multi-state impact)
References
Where can I find more information about each incident ?
Incident : Data Breach KEY427072625
Source: Washington State Office of the Attorney General
Date Accessed: 2022-08-26
Incident : Data Breach KEY146072725
Source: Maine Office of the Attorney General
Date Accessed: 2025-02-11
Incident : Data Breach KEY526080525
Source: California Office of the Attorney General
Date Accessed: 2022-08-26
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2022-08-26, and Source: Maine Office of the Attorney GeneralDate Accessed: 2025-02-11, and Source: California Office of the Attorney GeneralDate Accessed: 2022-08-26, and Source: Maine Attorney General's OfficeDate Accessed: 2023-06-07.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified all affected individuals and Public disclosure via Maine Attorney General's Office; likely direct notification to affected individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach KEY717082025
Customer Advisories: Two years of identity theft protection offered to affected individuals via Equifax Complete Premier
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Two years of identity theft protection offered to affected individuals via Equifax Complete Premier.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach KEY717082025
High Value Targets: Financial Account Numbers, Personal Details,
Data Sold on Dark Web: Financial Account Numbers, Personal Details,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach KEY717082025
Root Causes: Insider wrongdoing (intentional or negligent misconduct by an employee/associate)
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Equifax (for identity theft protection services).
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unauthorized External Party and Insider (Employee/Associate).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2021-02-05.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-06-07.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security numbers, addresses, account numbers, , names, addresses, account numbers, account balances, transaction details, , names, mortgage details, home insurance information, , Names, Social Security numbers, Account details, , Mortgage Information, Financial account numbers, Personal details and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Equifax (for identity theft protection services).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Mortgage Information, transaction details, account numbers, home insurance information, addresses, mortgage details, Financial account numbers, account balances, Personal details, Social Security numbers, Account details and names.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 947.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Maine Office of the Attorney General, Washington State Office of the Attorney General, California Office of the Attorney General and Maine Attorney General's Office.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Two years of identity theft protection offered to affected individuals via Equifax Complete Premier.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool allows Stored XSS.This issue affects TempTool: from n/a through 1.3.1.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tormorten WP Microdata allows Stored XSS.This issue affects WP Microdata: from n/a through 1.0.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/SetIpBind/SetIpBind.md
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/SetIpBind/SetIpBind.md#reproduce
- https://vuldb.com/?ctiid.337689
- https://vuldb.com/?id.337689
- https://vuldb.com/?submit.719154
- https://www.tenda.com.cn/
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=keybank' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
