ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

Ministry of Defence of India Company CyberSecurity Posture

onlinecareer360.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

The Government of India is responsible for ensuring the defence of India and every part thereof. The Supreme Command of the Armed Forces vests in the President. The responsibility for national defence rests with the Cabinet. This is discharged through the Ministry of Defence, which provides the policy framework and wherewithal to the Armed Forces to discharge their responsibilities in the context of the defence of the country. The Raksha Mantri (Defence Minister) is the head of the Ministry of Defence. The principal task of the Defence Ministry is to obtain policy directions of the Government on all defence and security related matters and communicate them for implementation to the Services Headquarters, Inter-Services Organisations, Production Establishments and Research and Development Organisations. It is also required to ensure effective implementation of the Government's policy directions and the execution of approved programmes within the allocated resources. Ministry of Defence comprises of four Departments viz. Department of Defence (DOD), Department of Defence Production (DDP), Department of Defence Research & Development (DDR&D) and Department of Ex-Servicemen Welfare and also Finance Division.

Ministry of Defence of India A.I CyberSecurity Scoring

MDI

Company Details

Linkedin ID:

ministry-of-defence_india

Website:

https://onlinecareer360.com/

Employees number:

5,199

Number of followers:

18,050

NAICS:

92

Industry Type:

Government Administration

Homepage:

onlinecareer360.com

IP Addresses:

0

Company ID:

MIN_2033262

Scan Status:

In-progress

AI scoreMDI Risk Score (AI oriented)

Between 700 and 749

https://images.rankiteo.com/companyimages/defaultcompany.jpeg
MDI Government Administration
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreMDI Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/defaultcompany.jpeg
MDI Government Administration
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

MDI Company CyberSecurity News & History

Past Incidents
2
Attack Types
2
EntityTypeSeverityImpactSeenBlog DetailsIncident DetailsView
Ministry of Defence (MoD)Breach10072/2022
MIN907080725
Rankiteo Explanation :
Attack that could injure or kill people

Description: The Ministry of Defence (MoD) exposed the personal information of approximately 18,700 Afghans, including names and contact details, due to a catastrophic data leak. The breach occurred when an MoD official emailed a secret database to trusted contacts in February 2022. The leak was discovered after parts of the database were posted online in August 2023. The government attempted to keep the breach secret using a superinjunction, but eventually notified those affected. The breach has put lives at risk, particularly from Taliban reprisals, and has caused significant distress and safety concerns for the affected individuals, many of whom are still awaiting relocation to the UK.

Ministry of Defence of IndiaData Leak6033/2018
MIN1939622
Rankiteo Explanation :
Attack with significant impact with internal employee data leaks

Description: A private vendor previously employed by the ministry of defense may have walked away with the personal data of 50 lakh ex-servicemen. ECHS was requested vide D/o ESW (Ex-servicemen welfare) aforesaid note dated 16.03.2018 for taking necessary action within three days on the issues raised by Commodore Batra (Retd). However, after lapsing the three days’ time, action taken report/status on the above subject is still awaited from CO, ECHS. ECHS cannot comment whether a copy of the same has been retained by the company or not.

Ministry of Defence (MoD)
Breach
Severity: 100
Impact: 7
Seen: 2/2022
Blog:
MIN907080725
Rankiteo Explanation
Attack that could injure or kill people

Description: The Ministry of Defence (MoD) exposed the personal information of approximately 18,700 Afghans, including names and contact details, due to a catastrophic data leak. The breach occurred when an MoD official emailed a secret database to trusted contacts in February 2022. The leak was discovered after parts of the database were posted online in August 2023. The government attempted to keep the breach secret using a superinjunction, but eventually notified those affected. The breach has put lives at risk, particularly from Taliban reprisals, and has caused significant distress and safety concerns for the affected individuals, many of whom are still awaiting relocation to the UK.

Ministry of Defence of India
Data Leak
Severity: 60
Impact: 3
Seen: 3/2018
Blog:
MIN1939622
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: A private vendor previously employed by the ministry of defense may have walked away with the personal data of 50 lakh ex-servicemen. ECHS was requested vide D/o ESW (Ex-servicemen welfare) aforesaid note dated 16.03.2018 for taking necessary action within three days on the issues raised by Commodore Batra (Retd). However, after lapsing the three days’ time, action taken report/status on the above subject is still awaited from CO, ECHS. ECHS cannot comment whether a copy of the same has been retained by the company or not.

Ailogo

MDI Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for MDI

Incidents vs Government Administration Industry Average (This Year)

No incidents recorded for Ministry of Defence of India in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Ministry of Defence of India in 2025.

Incident Types MDI vs Government Administration Industry Avg (This Year)

No incidents recorded for Ministry of Defence of India in 2025.

Incident History — MDI (X = Date, Y = Severity)

MDI cyber incidents detection timeline including parent company and subsidiaries

MDI Company Subsidiaries

SubsidiaryImage

The Government of India is responsible for ensuring the defence of India and every part thereof. The Supreme Command of the Armed Forces vests in the President. The responsibility for national defence rests with the Cabinet. This is discharged through the Ministry of Defence, which provides the policy framework and wherewithal to the Armed Forces to discharge their responsibilities in the context of the defence of the country. The Raksha Mantri (Defence Minister) is the head of the Ministry of Defence. The principal task of the Defence Ministry is to obtain policy directions of the Government on all defence and security related matters and communicate them for implementation to the Services Headquarters, Inter-Services Organisations, Production Establishments and Research and Development Organisations. It is also required to ensure effective implementation of the Government's policy directions and the execution of approved programmes within the allocated resources. Ministry of Defence comprises of four Departments viz. Department of Defence (DOD), Department of Defence Production (DDP), Department of Defence Research & Development (DDR&D) and Department of Ex-Servicemen Welfare and also Finance Division.

similarCompanies

MDI Similar Companies

Comunidad de Madrid
comunidad.madrid

Si necesitas información general y especializada sobre los servicios públicos madrileños puedes llamar al teléfono de Atención al Ciudadano 012. En la Comunidad de Madrid estamos encantados de recibir comentarios y favorecer el diálogo, por eso te proponemos unas normas básicas de participación:

Security Report Compare
Swiss Federal Administration
admin.ch

Working for Switzerland Seven departments, the Federal Chancellery and around 70 administrative units make up the Federal Administration. With around 38,000 employees, it is one of the largest employers in Switzerland. People from all regions of the country work in the Federal Administration un

Security Report Compare
State of Ohio
ohio.gov

Employment with the State of Ohio is more than ‘just a job’ – it is a privilege to serve our families, friends and neighbors who rely on us throughout our great state. We are a team of dedicated public servants committed to high performance, innovative thinking, and delivering excellent and efficien

Security Report Compare
Queensland Government
www.qld.gov.au

We are the largest and most diverse organisation in our state. We have more than 90 government departments and organisations providing essential services across 4000+ locations—from the Torres Strait to the Gold Coast; Mount Isa to Brisbane. We are passionate about making Queensland better through

Security Report Compare
Department of Education
education.vic.gov.au

The Department of Education is responsible for delivering the Victorian Government’s commitment to making Victoria the Education State, where all Victorians have the best learning and development experience, regardless of their background, postcode or circumstances. Education remains a cornerstone f

Security Report Compare
U.S. Department of Veterans Affairs
va.gov

Welcome to the United States Department of Veterans Affairs (VA) Official LinkedIn page. We're recruiting the finest employees to care for our #Veterans. Following/engagement ≠ signify VA endorsement. This is a moderated page, meaning that all comments will be reviewed for appropriate content. Ple

Security Report Compare
Malmö stad
malmo.se

Bli en samhällsbyggare – jobba i Malmö stad! Genom att arbeta i Malmö stad får du möjlighet att arbeta med hållbar samhällsutveckling. Som en samhällsbyggare spelar du en viktig roll i Malmös utveckling och därför ser vi oss som framtidens arbetsplats. Människors lika värde är en förutsättning fö

Security Report Compare
Assurance Maladie
ameli.fr

Travailler à l’Assurance Maladie, c’est donner une nouvelle dimension à votre métier et agir au quotidien pour la protection de notre système de santé. Participez à une grande diversité de projets dans un cadre bienveillant et soyez fier de contribuer à une mission essentielle : agir ensemble, prot

Security Report Compare
Vlaamse overheid
werkenvoorvlaanderen.be

Bij de Vlaamse overheid geef je elke dag opnieuw het beste van jezelf, in een job die een verschil maakt in de maatschappij. Pas afgestudeerd of al een aantal jaren professionele ervaring achter de rug? Op zoek naar een job als arbeider, bediende, leidinggevende, administratief medewerker, ingenie

Security Report Compare
newsone

MDI CyberSecurity News

November 17, 2025 08:00 AM
Thales, France's technological giant in defence, aerospace and cybersecurity

The industrial corporation is involved in major civil and military land, naval, air, space and cyber programmes worldwide.

Read Article
November 06, 2025 08:00 AM
Inside India and Israel’s push for AI, cybersecurity, and next-gen warfare tech - ET Edge Insights

When India and Israel convened the 17th Joint Working Group (JWG) meeting on defence cooperation in Tel Aviv this November, it wasn't just...

Read Article
November 05, 2025 08:00 AM
India And Israel Sign MoU To Deepen Defence Cooperation, Focus On Joint Development, Cyber Security And

Tel Aviv: India's Defence Secretary Rajesh Kumar Singh met Israeli Defence Minister Israel Katz in Tel Aviv on Tuesday, where both sides...

Read Article
November 05, 2025 06:49 AM
India and Israel Sign MoU to Strengthen Defense and Cybersecurity Cooperation

India and Israel sign a key MoU to deepen defense, AI, and cybersecurity cooperation, promoting co-development and shared technological innovation.

Read Article
November 04, 2025 08:00 AM
17th India-Israel Joint Working Group meeting on defence cooperation held in Tel Aviv

The 17 th meeting of Joint Working Group (JWG) on defence cooperation, co-chaired by Defence Secretary Shri Rajesh Kumar Singh and Director...

Read Article
October 17, 2025 07:00 AM
Globals Showcases MarCAP, a Tactical SOC-in-a-Box for Naval Cyber Defence, at Indian Navys Seminar on Impact of Cyber Attacks on Maritime Sector

New Delhi [India], October 17: Globals, a Bengaluru-headquartered cybersecurity and cyberwarfare solutions company, participated in the...

Read Article
October 16, 2025 07:00 AM
INDIAN NAVY SUCCESSFULLY ORGANISES SEMINAR ON ‘IMPACT OF CYBER ATTACKS ON MARITIME SECTOR AND ITS EFFECTS ON NATIONAL SECURITY AND INTERNATIONAL RELATIONS’

Indian Navy successfully organized a seminar on 'Impact of Cyber Attacks on Maritime Sector and Its Effects on National Security and...

Read Article
October 15, 2025 07:00 AM
INDIAN NAVY TO ORGANISE SEMINAR ON ‘IMPACT OF CYBER ATTACKS ON MARITIME SECTOR AND ITS EFFECTS ON NATIONAL SECURITY AND INTERNATIONAL RELATIONS’

INDIAN NAVY TO ORGANISE SEMINAR ON 'IMPACT OF CYBER ATTACKS ON MARITIME SECTOR AND ITS EFFECTS ON NATIONAL SECURITY AND INTERNATIONAL...

Read Article
September 24, 2025 07:00 AM
India and Morocco to Boost Military, Cyber, and Naval Cooperation

India and Morocco sign MoU to strengthen defense cooperation, cybersecurity, naval collaboration, and joint military training.

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

MDI CyberSecurity History Information

Official Website of Ministry of Defence of India

The official website of Ministry of Defence of India is https://onlinecareer360.com/.

Ministry of Defence of India’s AI-Generated Cybersecurity Score

According to Rankiteo, Ministry of Defence of India’s AI-generated cybersecurity score is 720, reflecting their Moderate security posture.

How many security badges does Ministry of Defence of India’ have ?

According to Rankiteo, Ministry of Defence of India currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Ministry of Defence of India have SOC 2 Type 1 certification ?

According to Rankiteo, Ministry of Defence of India is not certified under SOC 2 Type 1.

Does Ministry of Defence of India have SOC 2 Type 2 certification ?

According to Rankiteo, Ministry of Defence of India does not hold a SOC 2 Type 2 certification.

Does Ministry of Defence of India comply with GDPR ?

According to Rankiteo, Ministry of Defence of India is not listed as GDPR compliant.

Does Ministry of Defence of India have PCI DSS certification ?

According to Rankiteo, Ministry of Defence of India does not currently maintain PCI DSS compliance.

Does Ministry of Defence of India comply with HIPAA ?

According to Rankiteo, Ministry of Defence of India is not compliant with HIPAA regulations.

Does Ministry of Defence of India have ISO 27001 certification ?

According to Rankiteo,Ministry of Defence of India is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Ministry of Defence of India

Ministry of Defence of India operates primarily in the Government Administration industry.

Number of Employees at Ministry of Defence of India

Ministry of Defence of India employs approximately 5,199 people worldwide.

Subsidiaries Owned by Ministry of Defence of India

Ministry of Defence of India presently has no subsidiaries across any sectors.

Ministry of Defence of India’s LinkedIn Followers

Ministry of Defence of India’s official LinkedIn profile has approximately 18,050 followers.

NAICS Classification of Ministry of Defence of India

Ministry of Defence of India is classified under the NAICS code 92, which corresponds to Public Administration.

Ministry of Defence of India’s Presence on Crunchbase

No, Ministry of Defence of India does not have a profile on Crunchbase.

Ministry of Defence of India’s Presence on LinkedIn

Yes, Ministry of Defence of India maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ministry-of-defence_india.

Cybersecurity Incidents Involving Ministry of Defence of India

As of November 28, 2025, Rankiteo reports that Ministry of Defence of India has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Ministry of Defence of India has an estimated 11,116 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Ministry of Defence of India ?

Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Breach.

How does Ministry of Defence of India detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and containment measures with superinjunction to keep the breach secret, and remediation measures with email notifications to affected individuals, and recovery measures with relocation of affected individuals to the uk, and communication strategy with email notifications and public disclosure after lifting the superinjunction..

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

measurementExposure impactImpact

Title: Potential Data Breach Involving Personal Data of Ex-Servicemen

Description: A private vendor previously employed by the ministry of defense may have walked away with the personal data of 50 lakh ex-servicemen.

Date Detected: 2018-03-16

Type: Data Breach

Attack Vector: Insider Threat

Threat Actor: Private Vendor

Incident : Data Breach

measurementExposure impactImpact

Title: UK Ministry of Defence Data Leak

Description: A catastrophic data leak by the UK Ministry of Defence exposed the personal information of around 18,700 Afghans, including names and contact details. The breach occurred when an MoD official emailed a secret database to trusted contacts in February 2022. The leak was discovered after parts of the database were posted online in August 2023. The breach put many lives at risk, particularly from Taliban reprisals.

Date Detected: 2023-08

Date Publicly Disclosed: 2024

Type: Data Breach

Attack Vector: Human Error

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Private Vendor.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach MIN1939622

Data Compromised: Personal Data

Identity Theft Risk: High

Incident : Data Breach MIN907080725

Data Compromised: Personal information including names and contact details

Operational Impact: Increased risk to affected individuals, relocation of 16,000 Afghans to the UK

Brand Reputation Impact: Significant damage to trust in the UK government

Identity Theft Risk: High

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data and Personal information.

Which entities were affected by each incident ?

Incident : Data Breach MIN1939622

Entity Name: Ministry of Defense

Entity Type: Government

Industry: Defense

Customers Affected: 50 lakh ex-servicemen

Incident : Data Breach MIN907080725

Entity Name: UK Ministry of Defence

Entity Type: Government

Industry: Defense

Location: United Kingdom

Customers Affected: 18,700 Afghans

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach MIN907080725

Incident Response Plan Activated: Yes

Containment Measures: Superinjunction to keep the breach secret

Remediation Measures: Email notifications to affected individuals

Recovery Measures: Relocation of affected individuals to the UK

Communication Strategy: Email notifications and public disclosure after lifting the superinjunction

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach MIN1939622

Type of Data Compromised: Personal Data

Number of Records Exposed: 50 lakh

Sensitivity of Data: High

Personally Identifiable Information: Yes

Incident : Data Breach MIN907080725

Type of Data Compromised: Personal information

Number of Records Exposed: 18,700

Sensitivity of Data: High

Data Exfiltration: Yes

Personally Identifiable Information: Names and contact details

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Email notifications to affected individuals.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by superinjunction to keep the breach secret.

Ransomware Information

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Relocation of affected individuals to the UK.

References

Where can I find more information about each incident ?

Incident : Data Breach MIN1939622

Source: ECHS

Date Accessed: 2018-03-16

Incident : Data Breach MIN907080725

Source: The Independent

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: ECHSDate Accessed: 2018-03-16, and Source: The Independent.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach MIN1939622

Investigation Status: Pending

Incident : Data Breach MIN907080725

Investigation Status: Ongoing

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Email notifications and public disclosure after lifting the superinjunction.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach MIN907080725

Customer Advisories: Email notifications to affected individuals

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Email notifications to affected individuals.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach MIN1939622

Entry Point: Private Vendor

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach MIN907080725

Root Causes: Human error in emailing a secret database

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was an Private Vendor.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2018-03-16.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Personal Data and Personal information including names and contact details.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Superinjunction to keep the breach secret.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal information including names and contact details and Personal Data.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 18.8K.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are The Independent and ECHS.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Pending.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was an Email notifications to affected individuals.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was an Private Vendor.

cve

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ministry-of-defence_india' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest reports → View all security reports →
Users Love Us Badge