Comparison Overview

Rocky Mountain Crisis Partners, formerly Metro Crisis Services

VS

Olive Tree Family Counseling, PLLC

Rocky Mountain Crisis Partners, formerly Metro Crisis Services

PO Box 460695, Denver, Colorado, 80246, US
Last Update: 2026-01-22
View Profile
Between 750 and 799
http://www.rmcrisispartners.org/

Rocky Mountain Crisis Partners, a legal trade name of Metro Crisis Services, Inc., is a statewide, 24/7, year-round, community-based system of crisis intervention services from which people experiencing mental health and/or substance abuse crises can be assessed, safely and effectively stabilized, and efficiently linked to appropriate follow-up care and services. RMCP was created nearly five years ago out to fill a unique void in mental health and substance abuse treatment that is in-the-moment crisis care. Rocky Mountain Crisis Partners provides its telephonic services to Colorado free of charge – services like in-the-moment stabilization, early intervention, peer (lived-experience) support, first responder triage and support, and referral into ongoing treatment to all Coloradans – regardless of geography, income, race, gender, etc. RMCP is the local National Suicide Prevention Lifeline provider, the provider of the statewide Colorado Crisis and Support Line, is the only service of its kind in the state, and is often times the only behavioral healthcare resource accessible for Coloradans. We believe that whether it is the first or one of many experiences, if treated in an atmosphere of respect and compassion, crisis can be a unique opportunity for individuals and families to connect to life changing treatment, support and education. Potential Field of Work: Crisis Clinician - Counseling, Pscyhology, Social Work, Behavioral Health Services, Crisis Services Peer Support Specialists - Support and Counseling for those with lived behavioral health experience and those living in recovery IT / Data Support - Call Center operations Fundraising and Special Events - grant and donor development, special event management

NAICS: 621
NAICS Definition:
Employees: 142
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
View Profile

Olive Tree Family Counseling, PLLC

2800 Neuse Blvd, None, New Bern, NC, US, 28562
Last Update: 2026-01-22
Between 750 and 799
www.OliveTreeFamilyCounseling.com

The mission of Olive Tree Family counseling is to develop healthy professional relationships with those who seek our services and use psychotherapeutic interventions to assist these individuals, couples, and families to overcome their struggles and establish peace as they define it. Olive Tree Family Counseling is a faith-based organization in the Christian tradition. We recognize that God gives all people a choice to believe or not believe in Him, and we respect the rights of others to affirm other religious belief systems including those who do not affirm any faith or belief system. We value the people who seek our services, and we will help them identify their goals, develop an action-oriented plan to achieve those goals, and provide support, encouragement, and affirmation. We value the multi-disciplinary team members who work at OTFC, and the OTFC administration will provide quality leadership and inspirational motivation for the team members to use their talents with rewards for success and excellence. At OTFC, we value and will utilize evidenced-based counseling and supervision services as well as honest billing practices. We value partnerships with other organizations to ensure the community has access to quality mental health care. We value sustained and expanding growth through the provision of value-adding consumer services that produce a reasonable profit and compensation for the team members. We value integrity and expect that all individuals linked with OTFC will represent OTFC with honesty and unconditional compliance with the laws of NC that govern the provision of psychotherapeutic services, the codes of ethics for the individual team member’s discipline, and the policies and procedures of Olive Tree Family Counseling, PLLC.

NAICS: 62133
NAICS Definition: Offices of Mental Health Practitioners (except Physicians)
Employees: 15
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/metro-crisis-services.jpeg
Rocky Mountain Crisis Partners, formerly Metro Crisis Services
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/olivetreefamilycounseling.jpeg
Olive Tree Family Counseling, PLLC
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Rocky Mountain Crisis Partners, formerly Metro Crisis Services
100%
Compliance Rate
0/4 Standards Verified
Olive Tree Family Counseling, PLLC
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Mental Health Care Industry Average (This Year)

No incidents recorded for Rocky Mountain Crisis Partners, formerly Metro Crisis Services in 2026.

Incidents vs Mental Health Care Industry Average (This Year)

No incidents recorded for Olive Tree Family Counseling, PLLC in 2026.

Incident History — Rocky Mountain Crisis Partners, formerly Metro Crisis Services (X = Date, Y = Severity)

Rocky Mountain Crisis Partners, formerly Metro Crisis Services cyber incidents detection timeline including parent company and subsidiaries

Incident History — Olive Tree Family Counseling, PLLC (X = Date, Y = Severity)

Olive Tree Family Counseling, PLLC cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/metro-crisis-services.jpeg
Rocky Mountain Crisis Partners, formerly Metro Crisis Services
Incidents

No Incident

https://images.rankiteo.com/companyimages/olivetreefamilycounseling.jpeg
Olive Tree Family Counseling, PLLC
Incidents

No Incident

FAQ

Olive Tree Family Counseling, PLLC company demonstrates a stronger AI Cybersecurity Score compared to Rocky Mountain Crisis Partners, formerly Metro Crisis Services company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Historically, Olive Tree Family Counseling, PLLC company has disclosed a higher number of cyber incidents compared to Rocky Mountain Crisis Partners, formerly Metro Crisis Services company.

In the current year, Olive Tree Family Counseling, PLLC company and Rocky Mountain Crisis Partners, formerly Metro Crisis Services company have not reported any cyber incidents.

Neither Olive Tree Family Counseling, PLLC company nor Rocky Mountain Crisis Partners, formerly Metro Crisis Services company has reported experiencing a ransomware attack publicly.

Neither Olive Tree Family Counseling, PLLC company nor Rocky Mountain Crisis Partners, formerly Metro Crisis Services company has reported experiencing a data breach publicly.

Neither Olive Tree Family Counseling, PLLC company nor Rocky Mountain Crisis Partners, formerly Metro Crisis Services company has reported experiencing targeted cyberattacks publicly.

Neither Rocky Mountain Crisis Partners, formerly Metro Crisis Services company nor Olive Tree Family Counseling, PLLC company has reported experiencing or disclosing vulnerabilities publicly.

Neither Rocky Mountain Crisis Partners, formerly Metro Crisis Services nor Olive Tree Family Counseling, PLLC holds any compliance certifications.

Neither company holds any compliance certifications.

Neither Rocky Mountain Crisis Partners, formerly Metro Crisis Services company nor Olive Tree Family Counseling, PLLC company has publicly disclosed detailed information about the number of their subsidiaries.

Rocky Mountain Crisis Partners, formerly Metro Crisis Services company employs more people globally than Olive Tree Family Counseling, PLLC company, reflecting its scale as a Mental Health Care.

Neither Rocky Mountain Crisis Partners, formerly Metro Crisis Services nor Olive Tree Family Counseling, PLLC holds SOC 2 Type 1 certification.

Neither Rocky Mountain Crisis Partners, formerly Metro Crisis Services nor Olive Tree Family Counseling, PLLC holds SOC 2 Type 2 certification.

Neither Rocky Mountain Crisis Partners, formerly Metro Crisis Services nor Olive Tree Family Counseling, PLLC holds ISO 27001 certification.

Neither Rocky Mountain Crisis Partners, formerly Metro Crisis Services nor Olive Tree Family Counseling, PLLC holds PCI DSS certification.

Neither Rocky Mountain Crisis Partners, formerly Metro Crisis Services nor Olive Tree Family Counseling, PLLC holds HIPAA certification.

Neither Rocky Mountain Crisis Partners, formerly Metro Crisis Services nor Olive Tree Family Counseling, PLLC holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control. This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers. This vulnerability is fixed in `@backstage/backend-defaults` version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later. Some workarounds are available. Restrict `backend.reading.allow` to only trusted hosts that you control and that do not issue redirects, ensure allowed hosts do not have open redirect vulnerabilities, and/or use network-level controls to block access from Backstage to sensitive internal endpoints.

Published
Date
2026-01-21
Updated
Date
2026-01-21
Risk Information
cvss3
Base: 3.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
References
Description

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation via symlink chains (creating `link1 → link2 → /outside` where intermediate symlinks eventually resolve outside the allowed directory) and dangling symlinks (creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations). This function is used by Scaffolder actions and other backend components to ensure file operations stay within designated directories. This vulnerability is fixed in `@backstage/backend-plugin-api` version 0.1.17. Users should upgrade to this version or later. Some workarounds are available. Run Backstage in a containerized environment with limited filesystem access and/or restrict template creation to trusted users.

Published
Date
2026-01-21
Updated
Date
2026-01-21
Risk Information
cvss3
Base: 6.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References
Description

Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files via the `debug:log` action by creating a symlink pointing to sensitive files (e.g., `/etc/passwd`, configuration files, secrets); delete arbitrary files via the `fs:delete` action by creating symlinks pointing outside the workspace, and write files outside the workspace via archive extraction (tar/zip) containing malicious symlinks. This affects any Backstage deployment where users can create or execute Scaffolder templates. This vulnerability is fixed in `@backstage/backend-defaults` versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0; `@backstage/plugin-scaffolder-backend` versions 2.2.2, 3.0.2, and 3.1.1; and `@backstage/plugin-scaffolder-node` versions 0.11.2 and 0.12.3. Users should upgrade to these versions or later. Some workarounds are available. Follow the recommendation in the Backstage Threat Model to limit access to creating and updating templates, restrict who can create and execute Scaffolder templates using the permissions framework, audit existing templates for symlink usage, and/or run Backstage in a containerized environment with limited filesystem access.

Published
Date
2026-01-21
Updated
Date
2026-01-21
Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L
References
Description

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a key_id corresponds to a valid key, potentially accelerating brute-force or enumeration attacks. All users relying on verify_key() for API key authentication prior to the fix are affected. Users should upgrade to version 1.1.0 to receive a patch. The patch applies a uniform random delay (min_delay to max_delay) to all responses regardless of outcome, eliminating the timing correlation. Some workarounds are available. Add an application-level fixed delay or random jitter to all authentication responses (success and failure) before the fix is applied and/or use rate limiting to reduce the feasibility of statistical timing attacks.

Published
Date
2026-01-21
Updated
Date
2026-01-21
Risk Information
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References
Description

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. In order to be vulnerable, cluster admins must configure the Flux Operator with an OIDC provider that issues tokens lacking the expected claims (e.g., `email`, `groups`), or configure custom CEL expressions that can evaluate to empty values. After OIDC token claims are processed through CEL expressions, there is no validation that the resulting `username` and `groups` values are non-empty. When both values are empty, the Kubernetes client-go library does not add impersonation headers to API requests, causing them to be executed with the flux-operator service account's credentials instead of the authenticated user's limited permissions. This can result in privilege escalation, data exposure, and/or information disclosure. Version 0.40.0 patches the issue.

Published
Date
2026-01-21
Updated
Date
2026-01-21
Risk Information
cvss3
Base: 5.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References