Korean Air
Company Details
Linkedin ID:
korean-air
Website:
Employees number:
3,404
Number of followers:
65,163
NAICS:
481
Industry Type:
Homepage:
koreanair.com
IP Addresses:
0
Company ID:
KOR_1735068
Scan Status:
In-progress
Korean Air Company CyberSecurity Posture
koreanair.com
Serving the world for more than 50 years, Korean Air is one of the world's top 20 airlines, carrying more than 27 million passengers in 2019, pre-COVID. With its global hub at Incheon International Airport (ICN), the airline serves 120 cities in 43 countries on five continents with a modern fleet of 155 aircraft and over 20,000 professional employees. Korean Air's outstanding performance and commitment to the highest level of safety and customer service was further highlighted during the pandemic; the airline was granted numerous awards including 2021 Airline of the Year and 2022 Cargo Operator of the Year by Air Transport World, and a 5-star COVID safety rating from Skytrax. Korean Air is a founding member of the SkyTeam airline alliance, and has grown into one of the largest transpacific airlines through its joint venture with Delta Air Lines. Dedicated to providing Excellence in Flight, Korean Air’s vision is to be a respected leader in the world airline community. For more information about Korean Air, please visit www.koreanair.com, Korean Air Newsroom, facebook.com/KoreanAir, instagram.com/KoreanAirworld and Twitter@KoreanAir_KE.
Korean Air A.I CyberSecurity Scoring
Korean Air Risk Score (AI oriented)Between 750 and 799
Korean Air
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Korean Air Global Score (TPRM)XXXX
Korean Air
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Korean Air Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
KC&DKC&D and Korean Air: Korean Air employees' personal info leaked after supplier hit by hacking attack
Cyber Attack
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: **Korean Air Employee Data Exposed in Cyberattack on Partner Firm** Korean Air, South Korea’s largest airline, confirmed that sensitive employee information was compromised following a cyberattack on KC&D, a third-party vendor responsible for in-flight meals and onboard sales. The breach, disclosed in an internal notice on Monday, exposed personal data—including names and phone numbers—stored on KC&D’s servers. The airline detected the incident after being alerted by KC&D and responded by implementing emergency security measures and reporting the breach to authorities. Employees were advised to monitor for potential follow-up attacks, such as phishing attempts via suspicious messages. This incident adds to a growing trend of data breaches affecting major South Korean companies, including recent attacks on Coupang, KT Corp., and Shinhan Card. Meanwhile, Korean Air is also navigating regulatory scrutiny over its merger with Asiana Airlines, with the Fair Trade Commission requiring revisions to its mileage integration plan by next month. The acquisition, finalized in December 2024 after a four-year review, allows Asiana customers to retain their mileage value for a decade post-merger.
Korean Air: Data breach at Korean Air leaks 30,000 employee records
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: **Korean Air Reports Data Breach Affecting 30,000 Employees in Third-Party Cyberattack** Korean Air has disclosed a data breach exposing the personal information of approximately 30,000 employees, marking the second major incident in South Korea’s airline industry in recent weeks. The breach occurred after a cyberattack on KC&D Service, a former in-flight catering subsidiary of the airline, which was sold to private equity firm Hahn & Company in 2020. The leaked data includes names and bank account numbers, though Korean Air confirmed that no customer information was compromised. The airline was notified of the breach by KC&D, prompting an immediate internal investigation. In a message to employees, Vice Chairman Woo Kee-hong emphasized the severity of the incident, stating that the company is working to determine the full scope of the breach and identify affected individuals. Korean Air implemented emergency security measures following the discovery, including a review of service integrations with KC&D, and voluntarily reported the incident to authorities. The airline has also urged KC&D to conduct a thorough analysis to prevent future breaches and plans to enhance its data protection protocols. The incident follows a similar breach at Asiana Airlines last week, which exposed the personal information of around 10,000 employees. Both cases highlight growing cybersecurity risks in the aviation sector, particularly through third-party vendors.
Korean Air Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Korean Air
Incidents vs Airlines and Aviation Industry Average (This Year)
Korean Air has 31.58% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Korean Air has 26.58% more incidents than the average of all companies with at least one recorded incident.
Incident Types Korean Air vs Airlines and Aviation Industry Avg (This Year)
Korean Air reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Korean Air (X = Date, Y = Severity)
Korean Air cyber incidents detection timeline including parent company and subsidiaries
Korean Air Company Subsidiaries
Serving the world for more than 50 years, Korean Air is one of the world's top 20 airlines, carrying more than 27 million passengers in 2019, pre-COVID. With its global hub at Incheon International Airport (ICN), the airline serves 120 cities in 43 countries on five continents with a modern fleet of 155 aircraft and over 20,000 professional employees. Korean Air's outstanding performance and commitment to the highest level of safety and customer service was further highlighted during the pandemic; the airline was granted numerous awards including 2021 Airline of the Year and 2022 Cargo Operator of the Year by Air Transport World, and a 5-star COVID safety rating from Skytrax. Korean Air is a founding member of the SkyTeam airline alliance, and has grown into one of the largest transpacific airlines through its joint venture with Delta Air Lines. Dedicated to providing Excellence in Flight, Korean Air’s vision is to be a respected leader in the world airline community. For more information about Korean Air, please visit www.koreanair.com, Korean Air Newsroom, facebook.com/KoreanAir, instagram.com/KoreanAirworld and Twitter@KoreanAir_KE.
Loading...
Korean Air Similar Companies
Ethiopian Airlines
Ethiopian Airlines Group (Ethiopian) is a true African success story, transforming a visionary dream into a globally renowned reality for nearly eight decades. Operating flights to more than 160 domestic and international passenger, and cargo destinations across five continents, Ethiopian bridges th
The Lufthansa Group is an aviation company with operations worldwide. It plays a leading role in its European home market. With 109,509 employees, the Lufthansa Group generated revenue of EUR 32.770m in the financial year 2022. The Passenger Airlines segment includes, on the one hand, the network a
Air France
Depuis 1933, la compagnie Air France porte haut les couleurs de la France à travers le monde entier. Avec une activité, répartie entre le transport aérien de passagers, le fret, la maintenance et l’entretien aéronautique, Air France est un acteur majeur du secteur aérien. Plus de 45 000 collaborateu
gategourmet
gategourmet has been serving the airline industry for more than 70 years and has become the world’s largest independent provider of airline catering and logistics. We prepare tens of thousands of tasty, nutritious passenger meals and snacks daily and reliably service more than 2 million flights a ye
We would like to acknowledge the Traditional Custodians of the local lands and waterways on which we live, work and fly. We pay our respects to Elders past and present. Spirit is everything to us, and joining the Qantas team means bringing your spirit to ours. We have over 26,000 exceptional emplo
Grupo Aeromexico, S.A.B. de C.V. is a holding company whose subsidiaries are engaged in commercial aviation and the promotion of passenger loyalty programs in Mexico. Aeromexico, Mexico’s global airline, operates more than 600 daily flights and has its main hub in Terminal 2 of the Mexico City Inter
Turkish Airlines
Turkish Airlines has soared to new heights since its first flight in 1933, becoming the airline that connects more countries than any other. Our commitment to excellence is reflected in the world-class service, comfort, and innovative travel experience we offer, designed to elevate every journey.
Qatar Airways
Qatar Airways is the national airline of the State of Qatar. Based in Doha, the Airline’s trendsetting on-board product focuses on: comfort, fine cuisine, the latest in-flight audio & video entertainment, award-winning service and one of the youngest and most advanced aircraft fleet in the sky. Awa
Ryanair - Europe's Favourite Airline
Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Ryanair DAC, Lauda, Buzz and Ryanair UK. Carrying 160m+ guests p.a. on over 3,000 daily flights to/from 225 airports. Plan to carry 225m+ guests p.a. by 2026. Unfortunately, we are unable to answer customer service que
.png)
Korean Air CyberSecurity News
December 29, 2025 12:59 AM
Data breach at Korean Air leaks 30,000 employee records
A data breach involving the personal information of Korean Air employees was recently reported — the second such incident in the airline...
December 28, 2025 02:45 PM
Korean Air employees' personal info leaked after supplier hit by hacking attack
Seoul, Dec 29 (IANS) Personal information of employees at Korean Air, South Korea's largest flag carrier, has been leaked after a partner...
November 20, 2025 08:00 AM
Hana Bank receives FSC commendation for infomation security
Hana Bank has received the Financial Services Commission (FSC) Chairman's commendation for contributions to information protection in the...
November 18, 2025 08:00 AM
Hyundai Motor launches 1st group-level cyberthreat team: sources
Hyundai Motor Group has created its first group-level cyberthreat response team amid a rise in cybersecurity risks across various industrial...
November 17, 2025 08:00 AM
Korea, US launch joint cybersecurity drills
Korea and the United States kicked off a joint cybersecurity exercise Monday to strengthen their combined readiness posture against...
November 01, 2025 07:00 AM
Archer Aviation’s Valuation in Focus Following Korean Air’s Major Midnight eVTOL Partnership
Korean Air and Archer Aviation have signed an agreement to bring Archer's Midnight eVTOL aircraft to Korea, with Korean Air planning to buy...
October 31, 2025 07:00 AM
Korean Air becomes new A350F customer
Korean Air has become a new customer for the world's only all-new large freighter, following the conversion of seven of its existing...
October 23, 2025 07:00 AM
Korea, Estonia sign MOU on Chunmoo multiple rocket launcher
The defense chiefs of South Korea and Estonia on Thursday signed an agreement to support Estonia's bid to acquire the Chunmoo, South Korea's...
October 21, 2025 07:00 AM
Korean Air unveils new unmanned aircraft
Korean Air unveiled three unmanned aerial vehicles (UAVs) at the Seoul International Aerospace & Defense Exhibition (ADEX) 2025 in Seoul.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Korean Air CyberSecurity History Information
Official Website of Korean Air
The official website of Korean Air is http://koreanair.com.
Korean Air’s AI-Generated Cybersecurity Score
According to Rankiteo, Korean Air’s AI-generated cybersecurity score is 757, reflecting their Fair security posture.
How many security badges does Korean Air’ have ?
According to Rankiteo, Korean Air currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Korean Air have SOC 2 Type 1 certification ?
According to Rankiteo, Korean Air is not certified under SOC 2 Type 1.
Does Korean Air have SOC 2 Type 2 certification ?
According to Rankiteo, Korean Air does not hold a SOC 2 Type 2 certification.
Does Korean Air comply with GDPR ?
According to Rankiteo, Korean Air is not listed as GDPR compliant.
Does Korean Air have PCI DSS certification ?
According to Rankiteo, Korean Air does not currently maintain PCI DSS compliance.
Does Korean Air comply with HIPAA ?
According to Rankiteo, Korean Air is not compliant with HIPAA regulations.
Does Korean Air have ISO 27001 certification ?
According to Rankiteo,Korean Air is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Korean Air
Korean Air operates primarily in the Airlines and Aviation industry.
Number of Employees at Korean Air
Korean Air employs approximately 3,404 people worldwide.
Subsidiaries Owned by Korean Air
Korean Air presently has no subsidiaries across any sectors.
Korean Air’s LinkedIn Followers
Korean Air’s official LinkedIn profile has approximately 65,163 followers.
NAICS Classification of Korean Air
Korean Air is classified under the NAICS code 481, which corresponds to Air Transportation.
Korean Air’s Presence on Crunchbase
No, Korean Air does not have a profile on Crunchbase.
Korean Air’s Presence on LinkedIn
Yes, Korean Air maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/korean-air.
Cybersecurity Incidents Involving Korean Air
As of December 29, 2025, Rankiteo reports that Korean Air has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Korean Air has an estimated 3,653 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Korean Air ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does Korean Air detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and containment measures with emergency security measures, safety check on service integrations with kc&d, and remediation measures with urged kc&d to analyze the incident and prevent recurrence, and communication strategy with internal notice to employees, public statement via representative, and incident response plan activated with emergency security measures, and law enforcement notified with reported to relevant authorities, and communication strategy with internal notice to employees urging vigilance against potential secondary damage..
Incident Details
Can you provide details on each incident ?
Title: Korean Air Employee Data Breach via Third-Party Vendor
Description: A data breach involving the personal information of Korean Air employees occurred after a cyberattack on KC&D Service, a former in-flight catering subsidiary of Korean Air. The breach exposed names and bank account numbers of approximately 30,000 employees. No customer data was affected.
Type: Data Breach
Title: Korean Air Employee Data Exposed in KC&D Cyberattack
Description: Personal information of employees at Korean Air was leaked after a cyberattack hit KC&D, a partner firm handling its in-flight meals and onboard sales services. The breach exposed names and phone numbers of Korean Air employees stored on KC&D's servers.
Type: Data Breach
Threat Actor: Hacker group
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach KOR1766970764
Data Compromised: Names and bank account numbers
Brand Reputation Impact: Negative impact due to employee data breach
Identity Theft Risk: High
Payment Information Risk: High
Incident : Data Breach KC&KOR1766985380
Data Compromised: Names and phone numbers of employees
Systems Affected: KC&D's servers
Identity Theft Risk: Potential secondary damage (e.g., phishing via suspicious text messages or emails)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information and Personal information.
Which entities were affected by each incident ?
Incident : Data Breach KOR1766970764
Entity Name: Korean Air
Entity Type: Airline
Industry: Aviation
Location: South Korea
Customers Affected: 0 (no customer data affected)
Incident : Data Breach KOR1766970764
Entity Name: KC&D Service
Entity Type: Third-Party Vendor (Former Subsidiary)
Industry: Catering
Location: South Korea
Customers Affected: 30,000 employees
Incident : Data Breach KC&KOR1766985380
Entity Name: Korean Air
Entity Type: Airline
Industry: Aviation
Location: South Korea
Incident : Data Breach KC&KOR1766985380
Entity Name: KC&D
Entity Type: Supplier
Industry: Catering and Onboard Sales
Location: South Korea
Customers Affected: Korean Air employees
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach KOR1766970764
Incident Response Plan Activated: Yes
Containment Measures: Emergency security measures, safety check on service integrations with KC&D
Remediation Measures: Urged KC&D to analyze the incident and prevent recurrence
Communication Strategy: Internal notice to employees, public statement via representative
Incident : Data Breach KC&KOR1766985380
Incident Response Plan Activated: Emergency security measures
Law Enforcement Notified: Reported to relevant authorities
Communication Strategy: Internal notice to employees urging vigilance against potential secondary damage
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes, Emergency security measures.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach KOR1766970764
Type of Data Compromised: Personal Information
Number of Records Exposed: 30,000
Sensitivity of Data: High (bank account numbers, names)
Personally Identifiable Information: Yes
Incident : Data Breach KC&KOR1766985380
Type of Data Compromised: Personal information
Sensitivity of Data: Low to moderate (names and phone numbers)
Personally Identifiable Information: Names and phone numbers
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Urged KC&D to analyze the incident and prevent recurrence.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by emergency security measures and safety check on service integrations with kc&d.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach KOR1766970764
Regulatory Notifications: Voluntarily reported to relevant authorities
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Breach KOR1766970764
Recommendations: Strengthen personal data protection posture, improve third-party vendor security oversight
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Strengthen personal data protection posture and improve third-party vendor security oversight.
References
Where can I find more information about each incident ?
Incident : Data Breach KOR1766970764
Source: Kim Kyung-mi
Incident : Data Breach KC&KOR1766985380
Source: Yonhap News Agency
Incident : Data Breach KC&KOR1766985380
Source: IANS
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Kim Kyung-mi, and Source: Yonhap News Agency, and Source: IANS.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach KOR1766970764
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Internal notice to employees, public statement via representative and Internal notice to employees urging vigilance against potential secondary damage.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach KOR1766970764
Stakeholder Advisories: Internal notice to employees, public statement via representative
Customer Advisories: None (no customer data affected)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Internal notice to employees, public statement via representative and None (no customer data affected).
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach KOR1766970764
Corrective Actions: Further analysis of breach details, prevention of recurrence
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Further analysis of breach details, prevention of recurrence.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Hacker group.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names and bank account numbers and Names and phone numbers of employees.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Emergency security measures and safety check on service integrations with KC&D.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names and phone numbers of employees and Names and bank account numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 30.0K.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Strengthen personal data protection posture and improve third-party vendor security oversight.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Yonhap News Agency, IANS and Kim Kyung-mi.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Internal notice to employees, public statement via representative, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an None (no customer data affected).
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Risk Information
cvss2
Base: 8.3
Severity: LOW
AV:N/AC:L/Au:M/C:C/I:C/A:C
cvss3
Base: 7.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 8.3
Severity: LOW
AV:N/AC:L/Au:M/C:C/I:C/A:C
cvss3
Base: 7.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.
Risk Information
cvss2
Base: 4.3
Severity: LOW
AV:L/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/floooh/sokol/commit/5d11344150973f15e16d3ec4ee7550a73fb995e0
- https://github.com/floooh/sokol/issues/1405
- https://github.com/floooh/sokol/issues/1406#issuecomment-3649548096
- https://github.com/oneafter/1212/blob/main/hbf1
- https://vuldb.com/?ctiid.338533
- https://vuldb.com/?id.338533
- https://vuldb.com/?submit.719823
Description
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=korean-air' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
