LUB
Company Details
Linkedin ID:
lguplus
Website:
Employees number:
9
Number of followers:
174
NAICS:
517
Industry Type:
Homepage:
lguplus.com
IP Addresses:
0
Company ID:
LG _3288734
Scan Status:
In-progress
LG Uplus Business Company CyberSecurity Posture
lguplus.com
.
LG Uplus Business A.I CyberSecurity Scoring
LUB Risk Score (AI oriented)Between 0 and 549
LUB
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
LUB Global Score (TPRM)XXXX
LUB
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
LUB Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
LG Uplus: KT faces action in South Korea after a femtocell security breach impacts users
Breach
Rankiteo Explanation
Attack without any consequences
Description: **KT Corp Faces Regulatory Action After Femtocell Security Breach Exposes Thousands in South Korea** On December 30, 2025, South Korean authorities held KT Corp accountable for a major mobile payment breach stemming from critical security flaws in its femtocell infrastructure. Investigators found that KT used identical, long-term authentication certificates across its femtocells—valid for a decade—allowing unauthorized devices to repeatedly access the network without re-verification. The breach exposed identifiers of over **22,000 users**, with **368 individuals** falling victim to unauthorized transactions totaling **243 million won (≈$180,000 USD)**. Further scrutiny revealed that **94 KT servers** were infected with **over 100 types of malware**, underscoring systemic security failures in the company’s femtocell management. Regulators concluded that KT neglected its obligation to provide secure telecommunications services, ordering the company to submit **detailed prevention plans** by June 2026 for compliance review. Authorities also urged mobile operators to **rotate authentication server addresses regularly** and **block illegal network access** to mitigate future risks. While some hacking techniques resembled a prior breach at **SK Telecom**, no direct link between the two incidents has been established. KT acknowledged the findings, pledging **compensation for affected users** and **enhanced security measures** rather than contesting the results. In a separate case, **LG Uplus** is under police referral after investigators discovered that compromised servers were discarded, preventing a full technical analysis. The South Korean government emphasized that **robust cybersecurity is now a national priority**, particularly as the country seeks to solidify its position as a global leader in AI and digital innovation.
LUB Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for LUB
Incidents vs Telecommunications Industry Average (This Year)
LG Uplus Business has 23.46% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
LG Uplus Business has 26.58% more incidents than the average of all companies with at least one recorded incident.
Incident Types LUB vs Telecommunications Industry Avg (This Year)
LG Uplus Business reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — LUB (X = Date, Y = Severity)
LUB cyber incidents detection timeline including parent company and subsidiaries
LUB Company Subsidiaries
.
Loading...
LUB Similar Companies
Vodafone
At Vodafone, we believe that connectivity is a force for good. If we use it for the things that really matter, it can improve people's lives and the world around us. Through our technology we empower people, connecting everyone regardless of who they are or where they live, we protect the planet a
Ooredoo Group
We are an award-winning international communications company operating across the Middle East, North Africa and Southeast Asia. Serving consumers and businesses in 10 countries, we deliver a leading data experience through a broad range of content and services via our advanced, data-centric mob
We’re one of the world’s leading communications services companies. At BT Group, the solutions we sell are integral to modern life. Our purpose is as simple as it is ambitious: we connect for good. There are no limits to what people can do when they connect. And as technology changes our world, co
Lumen Technologies
Lumen connects the world. We digitally connect people, data and applications – quickly, securely and effortlessly. Everything we do at Lumen takes advantage of our network strength. From metro connectivity to long-haul data transport to our edge cloud, security, and managed service capabilities, we
Telemont
Fundada em 1975, a Telemont Engenharia de Telecomunicações S/A é líder na prestação de serviços de implantação, manutenção e operação de redes de telecomunicações. São 7,7 milhões de acessos de voz, 3 milhões de ADSL e dados e 63 mil km de fibra óptica operados pela empresa. Através da Telemont I
stc
We are a forward-focused digital champion always been focused on innovation and evolution. Our purpose is to create and bring greater dimension and richness to people’s personal and professional lives. With stc, You will always be empowered to focus on delivering what’s next through collaborati
MTS Group
Mobile TeleSystems OJSC ("MTS") is the leading telecommunications group in Russia, Eastern Europe and Central Asia, offering mobile and fixed voice, broadband, pay TV as well as content and entertainment services in one of the world's fastest growing regions. Including its subsidiaries, as of Decemb
We believe it’s people who give purpose to our technology. So we’re committed to staying close to our customers and providing them the best experience. And delivering the best tech. On the best network. Because our purpose is to build a connected future so everyone can thrive. We build techno
Our 15 000 talented colleagues serve millions of customers every day in one of the world’s most connected regions. With a strong connectivity base, we’re the hub in the digital ecosystem, empowering people, companies and societies to stay in touch with everything that matters 24/7/365 - on their ter
.png)
LUB CyberSecurity News
December 29, 2025 08:54 AM
Ministry confirms KT, Uplus data breaches
We offer real-time business news in Korea, including earnings, M&A, IPO and regulatory filings, in English.
December 08, 2025 08:00 AM
LG Uplus’s AI voice call app glitch leaks user data
Posted by Harry Baldock | Dec 8, 2025 | TECHNOLOGY, COMPANY NEWS, People, AI, Governance, Customer, Asia-Pacific, Security, News. LG Uplus's AI voice call...
November 17, 2025 08:00 AM
Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials
A threat actor known as "888" has purportedly dumped sensitive data stolen from electronics giant LG Electronics, raising alarms in the...
November 03, 2025 08:00 AM
Korea's telecoms face leadership turmoil after hacking fiascos
Korea's top telecom companies — SK Telecom, KT and LG Uplus — are facing leadership turbulence following a series of massive hacking...
October 30, 2025 07:00 AM
Cybersecurity News: LG Uplus confirms breach, Conduent attack impacts 10M+, hackers exploit tools against Ukraine
LG Uplus, one of South Korea's largest telecoms, reported a suspected data breach to the country's cybersecurity agency KISA,...
October 30, 2025 07:00 AM
LG Uplus Reports Suspected Data Breach Amid Growing Cybersecurity Concerns in South Korea
LG Uplus, one of South Korea's largest telecommunications providers, has confirmed to TechCrunch that it has reported a suspected data...
October 29, 2025 07:00 AM
LG Uplus Confirms Cybersecurity Breach: South Korea Faces Another Telecom Hack
LG Uplus has confirmed a cybersecurity breach, joining SK Telecom and KT in South Korea's ongoing wave of telecom hacks.
October 29, 2025 07:00 AM
LG Uplus Breach Completes South Korea's Telecom Trifecta
LG Uplus confirmed a suspected data breach to Korea's cybersecurity watchdog KISA. □. All three major South Korean telecoms now hit by...
October 28, 2025 07:00 AM
LG Uplus is latest South Korean telco to confirm cybersecurity incident
Korean telecom giant LG Uplus is the third major phone provider in the past six months to report a cybersecurity incident.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
LUB CyberSecurity History Information
Official Website of LG Uplus Business
The official website of LG Uplus Business is http://www.lguplus.com.
LG Uplus Business’s AI-Generated Cybersecurity Score
According to Rankiteo, LG Uplus Business’s AI-generated cybersecurity score is 549, reflecting their Critical security posture.
How many security badges does LG Uplus Business’ have ?
According to Rankiteo, LG Uplus Business currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does LG Uplus Business have SOC 2 Type 1 certification ?
According to Rankiteo, LG Uplus Business is not certified under SOC 2 Type 1.
Does LG Uplus Business have SOC 2 Type 2 certification ?
According to Rankiteo, LG Uplus Business does not hold a SOC 2 Type 2 certification.
Does LG Uplus Business comply with GDPR ?
According to Rankiteo, LG Uplus Business is not listed as GDPR compliant.
Does LG Uplus Business have PCI DSS certification ?
According to Rankiteo, LG Uplus Business does not currently maintain PCI DSS compliance.
Does LG Uplus Business comply with HIPAA ?
According to Rankiteo, LG Uplus Business is not compliant with HIPAA regulations.
Does LG Uplus Business have ISO 27001 certification ?
According to Rankiteo,LG Uplus Business is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of LG Uplus Business
LG Uplus Business operates primarily in the Telecommunications industry.
Number of Employees at LG Uplus Business
LG Uplus Business employs approximately 9 people worldwide.
Subsidiaries Owned by LG Uplus Business
LG Uplus Business presently has no subsidiaries across any sectors.
LG Uplus Business’s LinkedIn Followers
LG Uplus Business’s official LinkedIn profile has approximately 174 followers.
NAICS Classification of LG Uplus Business
LG Uplus Business is classified under the NAICS code 517, which corresponds to Telecommunications.
LG Uplus Business’s Presence on Crunchbase
No, LG Uplus Business does not have a profile on Crunchbase.
LG Uplus Business’s Presence on LinkedIn
Yes, LG Uplus Business maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/lguplus.
Cybersecurity Incidents Involving LG Uplus Business
As of December 31, 2025, Rankiteo reports that LG Uplus Business has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
LG Uplus Business has an estimated 9,774 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at LG Uplus Business ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on LG Uplus Business ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $243 million.
How does LG Uplus Business detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with planned security upgrades, compensation arrangements, and communication strategy with public acknowledgment of findings, commitment to improvements..
Incident Details
Can you provide details on each incident ?
Title: KT Femtocell Security Breach Leading to Unauthorised Mobile Payments
Description: South Korea has blamed weak femtocell security at KT Corp for a major mobile payment breach that triggered thousands of unauthorised transactions. The mobile operator used identical authentication certificates across femtocells and allowed them to stay valid for ten years, enabling repeated unauthorized access. Over 22,000 users had identifiers exposed, and 368 people suffered unauthorised payments worth 243 million won. Investigators also found 94 KT servers infected with over 100 types of malware.
Date Detected: 2025-12-30
Date Publicly Disclosed: 2025-12-30
Type: Data Breach, Unauthorised Transactions, Malware Infection
Attack Vector: Femtocell Security Flaws, Weak Authentication Certificates
Vulnerability Exploited: Identical authentication certificates, prolonged certificate validity (10 years), inadequate network access controls
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Financial Loss: 243 million won (unauthorised payments)
Data Compromised: User identifiers, payment information
Systems Affected: Femtocells, 94 KT servers
Operational Impact: Inadequate security management, regulatory scrutiny
Brand Reputation Impact: Negative impact due to security failures and regulatory action
Legal Liabilities: Government action, potential fines, compensation obligations
Identity Theft Risk: High (exposed user identifiers)
Payment Information Risk: High (unauthorised transactions)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $243.00 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are User Identifiers, Payment Information and .
Which entities were affected by each incident ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Entity Name: KT Corp
Entity Type: Telecommunications Operator
Industry: Telecommunications
Location: South Korea
Customers Affected: 22,000+ users (identifiers exposed), 368 users (unauthorised payments)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Remediation Measures: Planned security upgrades, compensation arrangements
Communication Strategy: Public acknowledgment of findings, commitment to improvements
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Type of Data Compromised: User identifiers, Payment information
Number of Records Exposed: 22,000+
Sensitivity of Data: High (personally identifiable information, financial data)
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Planned security upgrades, compensation arrangements.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Regulations Violated: Telecommunications security regulations (South Korea)
Legal Actions: Government order to submit prevention plans, compliance check in June 2026
Regulatory Notifications: Government warning to operators, referral of LG Uplus case to police
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Government order to submit prevention plans, compliance check in June 2026.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Lessons Learned: Inadequate femtocell security management, prolonged certificate validity, and lack of regular authentication updates can lead to major breaches. Strong information security is critical for national AI leadership.
What recommendations were made to prevent future incidents ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Recommendations: Change authentication server addresses regularly, Block illegal network access, Improve femtocell security management, Enhance server malware protection, Conduct regular security auditsChange authentication server addresses regularly, Block illegal network access, Improve femtocell security management, Enhance server malware protection, Conduct regular security auditsChange authentication server addresses regularly, Block illegal network access, Improve femtocell security management, Enhance server malware protection, Conduct regular security auditsChange authentication server addresses regularly, Block illegal network access, Improve femtocell security management, Enhance server malware protection, Conduct regular security auditsChange authentication server addresses regularly, Block illegal network access, Improve femtocell security management, Enhance server malware protection, Conduct regular security audits
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Inadequate femtocell security management, prolonged certificate validity, and lack of regular authentication updates can lead to major breaches. Strong information security is critical for national AI leadership.
References
Where can I find more information about each incident ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Source: Government of South Korea
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Government of South Korea.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Investigation Status: Completed (findings accepted by KT)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public acknowledgment of findings and commitment to improvements.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Stakeholder Advisories: Government urges operators to prioritize security, warns of survival risks in AI-driven economy
Customer Advisories: Compensation arrangements and security upgrades to be announced by KT
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Government urges operators to prioritize security, warns of survival risks in AI-driven economy and Compensation arrangements and security upgrades to be announced by KT.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach, Unauthorised Transactions, Malware Infection LGU1767124813
Root Causes: Identical Authentication Certificates Across Femtocells, Prolonged Certificate Validity (10 Years), Inadequate Network Access Controls, Poor Server Security (Malware Infections),
Corrective Actions: Submit Detailed Prevention Plans To Government, Implement Security Upgrades, Announce Compensation For Affected Users, Regularly Change Authentication Server Addresses, Block Illegal Network Access,
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Submit Detailed Prevention Plans To Government, Implement Security Upgrades, Announce Compensation For Affected Users, Regularly Change Authentication Server Addresses, Block Illegal Network Access, .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-12-30.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-12-30.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was 243 million won (unauthorised payments).
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were User identifiers and payment information.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were User identifiers and payment information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 22.0K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Government order to submit prevention plans, compliance check in June 2026.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Inadequate femtocell security management, prolonged certificate validity, and lack of regular authentication updates can lead to major breaches. Strong information security is critical for national AI leadership.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Conduct regular security audits, Block illegal network access, Change authentication server addresses regularly, Enhance server malware protection and Improve femtocell security management.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Government of South Korea.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (findings accepted by KT).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Government urges operators to prioritize security, warns of survival risks in AI-driven economy, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Compensation arrangements and security upgrades to be announced by KT.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. SummaryThe arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit for DoS protection are vulnerable. DetailsThe arrayLimit option only checks limits for indexed notation (a[0]=1&a[1]=2) but completely bypasses it for bracket notation (a[]=1&a[]=2). Vulnerable code (lib/parse.js:159-162): if (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check } Working code (lib/parse.js:175): else if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; } The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays. PoCTest 1 - Basic bypass: npm install qs const qs = require('qs'); const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 }); console.log(result.a.length); // Output: 6 (should be max 5) Test 2 - DoS demonstration: const qs = require('qs'); const attack = 'a[]=' + Array(10000).fill('x').join('&a[]='); const result = qs.parse(attack, { arrayLimit: 100 }); console.log(result.a.length); // Output: 10000 (should be max 100) Configuration: * arrayLimit: 5 (test 1) or arrayLimit: 100 (test 2) * Use bracket notation: a[]=value (not indexed a[0]=value) ImpactDenial of Service via memory exhaustion. Affects applications using qs.parse() with user-controlled input and arrayLimit for protection. Attack scenario: * Attacker sends HTTP request: GET /api/search?filters[]=x&filters[]=x&...&filters[]=x (100,000+ times) * Application parses with qs.parse(query, { arrayLimit: 100 }) * qs ignores limit, parses all 100,000 elements into array * Server memory exhausted → application crashes or becomes unresponsive * Service unavailable for all users Real-world impact: * Single malicious request can crash server * No authentication required * Easy to automate and scale * Affects any endpoint parsing query strings with bracket notation
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through 1.4.2.
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=lguplus' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
