ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

Morton LTC Company CyberSecurity Posture

mortonltc.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Morton LTC is an independent fourth-generation family-owned Wisconsin pharmacy. In 2011 Morton Pharmacy restructured to focus entirely on providing pharmacy solutions to long term care providers. Morton LTC offers its customers the expertise of knowledgeable directly-employed consultant pharmacists coupled with leading edge technogoly and a friendly, effiecient customer service team.

Morton LTC A.I CyberSecurity Scoring

Morton LTC

Company Details

Linkedin ID:

morton-ltc

Website:

http://mortonltc.com

Employees number:

38

Number of followers:

189

NAICS:

3254

Industry Type:

Pharmaceutical Manufacturing

Homepage:

mortonltc.com

IP Addresses:

0

Company ID:

MOR_2672789

Scan Status:

In-progress

AI scoreMorton LTC Risk Score (AI oriented)

Between 600 and 649

https://images.rankiteo.com/companyimages/morton-ltc.jpeg
Morton LTC Pharmaceutical Manufacturing
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreMorton LTC Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/morton-ltc.jpeg
Morton LTC Pharmaceutical Manufacturing
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Morton LTC Company CyberSecurity News & History

Past Incidents
2
Attack Types
1
EntityTypeSeverityImpactSeenBlog DetailsIncident DetailsView
Morton LTC: Morton Drug Company Data Breach Claims Investigated by Lynch CarpenterBreach85412/2025
MOR1765232510
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: PITTSBURGH, Dec. 08, 2025 (GLOBE NEWSWIRE) -- Morton Drug Company (“MDC”),1 recently announced a cybersecurity incident , which impacted the personal information of over forty thousand individuals. Lynch Carpenter, LLP is investigating claims against MDC related to this data breach. For an attorney to review your case, visit our site HERE . In the incident, an unauthorized person gained access to MDC’s network and may have acquired records containing personally identifiable information (“PII”) and protected health information (“PHI”) that includes individuals’ names in combination with: address prescription information Social Security number If your information was impacted in this incident, you may be entitled to compensation. For an attorney to review your case, visit our site HERE . If you have received any other data breach notice letters in the last 30 days, please contact us here . About Lynch Carpenter Lynch Carpenter is a national class action law firm with offices in Pennsylvania, California, and Illinois. Our firm has represented millions of clients in data privacy matters for more than a decade and has earned national acclaim for complex litigation for plaintiffs across the country. To learn more, please visit www.lynchcarpenter.com . For more information, please call Jerry Wells at (412) 322-9243, or email him at [email protected] . CONTACT Jerry Wells COMPANY Lynch Carpenter LLP PHONE (412) 322-9243 EMAIL [email protected] WEB lynchcarpenter.com

Morton LTC: Morton Drug Data Breach Lawsuit InvestigationBreach8548/2025
MOR1764807261
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Morton Drug Company data breach. If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation. About Morton Drug Company Morton Drug Company is an independent, family-owned pharmacy based in Neenah, Wisconsin. Founded in 1932, the company has a long history of providing pharmacy solutions, especially to long-term care providers. Morton Drug Company offers its customers the expertise of directly employed consultant pharmacists, supported by modern technology and a dedicated customer service team. What happened? On or about Aug. 20, 2025, Morton Drug Company discovered a network security incident that impacted its IT systems. The company immediately engaged third-party cybersecurity experts to assess, contain and remediate the situation, and law enforcement was also notified. After a thorough investigation, which concluded around Oct. 21, 2025, Morton Drug Company determined that both personally identifiable information (PII) and protected health information (PHI) were compromised. So far, the breach has impacted at least 40,051 people in the U.S. Possible Information Exposed Names Addresses Medical information Social Security numbers The company posted a notice of data security incident on its website on Nov. 7, 2025, and disclosed the breach

Morton LTC: Morton Drug Company Data Breach Claims Investigated by Lynch Carpenter
Breach
Severity: 85
Impact: 4
Seen: 12/2025
Blog:
MOR1765232510
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: PITTSBURGH, Dec. 08, 2025 (GLOBE NEWSWIRE) -- Morton Drug Company (“MDC”),1 recently announced a cybersecurity incident , which impacted the personal information of over forty thousand individuals. Lynch Carpenter, LLP is investigating claims against MDC related to this data breach. For an attorney to review your case, visit our site HERE . In the incident, an unauthorized person gained access to MDC’s network and may have acquired records containing personally identifiable information (“PII”) and protected health information (“PHI”) that includes individuals’ names in combination with: address prescription information Social Security number If your information was impacted in this incident, you may be entitled to compensation. For an attorney to review your case, visit our site HERE . If you have received any other data breach notice letters in the last 30 days, please contact us here . About Lynch Carpenter Lynch Carpenter is a national class action law firm with offices in Pennsylvania, California, and Illinois. Our firm has represented millions of clients in data privacy matters for more than a decade and has earned national acclaim for complex litigation for plaintiffs across the country. To learn more, please visit www.lynchcarpenter.com . For more information, please call Jerry Wells at (412) 322-9243, or email him at [email protected] . CONTACT Jerry Wells COMPANY Lynch Carpenter LLP PHONE (412) 322-9243 EMAIL [email protected] WEB lynchcarpenter.com

Morton LTC: Morton Drug Data Breach Lawsuit Investigation
Breach
Severity: 85
Impact: 4
Seen: 8/2025
Blog:
MOR1764807261
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Morton Drug Company data breach. If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation. About Morton Drug Company Morton Drug Company is an independent, family-owned pharmacy based in Neenah, Wisconsin. Founded in 1932, the company has a long history of providing pharmacy solutions, especially to long-term care providers. Morton Drug Company offers its customers the expertise of directly employed consultant pharmacists, supported by modern technology and a dedicated customer service team. What happened? On or about Aug. 20, 2025, Morton Drug Company discovered a network security incident that impacted its IT systems. The company immediately engaged third-party cybersecurity experts to assess, contain and remediate the situation, and law enforcement was also notified. After a thorough investigation, which concluded around Oct. 21, 2025, Morton Drug Company determined that both personally identifiable information (PII) and protected health information (PHI) were compromised. So far, the breach has impacted at least 40,051 people in the U.S. Possible Information Exposed Names Addresses Medical information Social Security numbers The company posted a notice of data security incident on its website on Nov. 7, 2025, and disclosed the breach

Ailogo

Morton LTC Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for Morton LTC

Incidents vs Pharmaceutical Manufacturing Industry Average (This Year)

Morton LTC has 150.0% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Morton LTC has 207.69% more incidents than the average of all companies with at least one recorded incident.

Incident Types Morton LTC vs Pharmaceutical Manufacturing Industry Avg (This Year)

Morton LTC reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.

Incident History — Morton LTC (X = Date, Y = Severity)

Morton LTC cyber incidents detection timeline including parent company and subsidiaries

Morton LTC Company Subsidiaries

SubsidiaryImage

Morton LTC is an independent fourth-generation family-owned Wisconsin pharmacy. In 2011 Morton Pharmacy restructured to focus entirely on providing pharmacy solutions to long term care providers. Morton LTC offers its customers the expertise of knowledgeable directly-employed consultant pharmacists coupled with leading edge technogoly and a friendly, effiecient customer service team.

similarCompanies

Morton LTC Similar Companies

Catalent
catalent.com

Championing the missions that matter™. Catalent, Inc. is a leading global contract development and manufacturing organization (CDMO) and trusted partner to pharma, biotech, and consumer health companies worldwide. We put patients first in everything we do, helping people live better and healthier li

Security Report Compare

EMS is the leading pharmaceutical company in Brazil. Established since 45 years and with 100% national capital, the company has two industrial plants strategically placed in São Bernardo do Campo and Hortolândia, in the state of São Paulo. With a work based on daring, simplicity, excellence and res

Security Report Compare
Ipca Laboratories Limited
ipca.com

A consumer-led global pharmaceutical company, creating healthy doses of life since 1949. When you operate in an industry like pharmaceuticals, your work goes way beyond creating ‘products for customers’. It is different from any other domain – there lies a higher sense of responsibiliti and a need

Security Report Compare
Grifols
linktr.ee

Grifols is a global healthcare company founded in Barcelona in 1909 committed to improving the health and well-being of people all over the world. A leader in essential plasma-derived medicines and transfusion medicine, we develop, produce and provide innovative healthcare services and solutions i

Security Report Compare
Novartis
novartis.com

Novartis is an innovative medicines company. Every day, working to reimagine medicine to improve and extend people’s lives so that patients, healthcare professionals and societies are empowered in the face of serious disease. Our medicines reach more than 250 million people worldwide. Find out mor

Security Report Compare
Merck Group
merckgroup.com

This channel is not intended for U.S. and Canadian visitors. Merck operates in the U.S. and Canada as EMD Serono in Healthcare, MilliporeSigma in Life Science and EMD Electronics in Electronics. An unaffiliated and unrelated company, Merck & Co., Inc., Kenilworth, NJ, US holds the rights in the trad

Security Report Compare
Takeda
takeda.com

We strive to transform lives. While the science we advance is constantly evolving, our core purpose is enduring. For more than two centuries, our values have guided us to do what’s right for patients and for society. We know that changing lives requires us to do things differently. We start by list

Security Report Compare
Eli Lilly and Company
lilly.com

We're a medicine company turning science into healing to make life better for people around the world. It all started nearly 150 years ago with a clear vision from founder Colonel Eli Lilly: "Take what you find here and make it better and better." Harnessing the power of biotechnology, chemistry and

Security Report Compare
MANKIND PHARMA LTD
mankindpharma.com

Mankind Pharma, one of the top 5 leading pharmaceutical companies in India, started its journey in 1995. Today, we have an employee base of over 20,000 and are racing towards $1 Billion. At Mankind, we aspire to aid the community in leading a healthy life by formulating, developing, commercializing,

Security Report Compare
newsone

Morton LTC CyberSecurity News

November 14, 2025 08:00 AM
Morton Drug Company Data Breach Investigation

Strauss Borrelli PLLC, a leading data breach law firm, is investigating Morton LTC, which does business as Morton Drug Company (“Morton”),...

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Morton LTC CyberSecurity History Information

Official Website of Morton LTC

The official website of Morton LTC is http://mortonltc.com.

Morton LTC’s AI-Generated Cybersecurity Score

According to Rankiteo, Morton LTC’s AI-generated cybersecurity score is 604, reflecting their Poor security posture.

How many security badges does Morton LTC’ have ?

According to Rankiteo, Morton LTC currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Morton LTC have SOC 2 Type 1 certification ?

According to Rankiteo, Morton LTC is not certified under SOC 2 Type 1.

Does Morton LTC have SOC 2 Type 2 certification ?

According to Rankiteo, Morton LTC does not hold a SOC 2 Type 2 certification.

Does Morton LTC comply with GDPR ?

According to Rankiteo, Morton LTC is not listed as GDPR compliant.

Does Morton LTC have PCI DSS certification ?

According to Rankiteo, Morton LTC does not currently maintain PCI DSS compliance.

Does Morton LTC comply with HIPAA ?

According to Rankiteo, Morton LTC is not compliant with HIPAA regulations.

Does Morton LTC have ISO 27001 certification ?

According to Rankiteo,Morton LTC is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Morton LTC

Morton LTC operates primarily in the Pharmaceutical Manufacturing industry.

Number of Employees at Morton LTC

Morton LTC employs approximately 38 people worldwide.

Subsidiaries Owned by Morton LTC

Morton LTC presently has no subsidiaries across any sectors.

Morton LTC’s LinkedIn Followers

Morton LTC’s official LinkedIn profile has approximately 189 followers.

NAICS Classification of Morton LTC

Morton LTC is classified under the NAICS code 3254, which corresponds to Pharmaceutical and Medicine Manufacturing.

Morton LTC’s Presence on Crunchbase

No, Morton LTC does not have a profile on Crunchbase.

Morton LTC’s Presence on LinkedIn

Yes, Morton LTC maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/morton-ltc.

Cybersecurity Incidents Involving Morton LTC

As of December 10, 2025, Rankiteo reports that Morton LTC has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Morton LTC has an estimated 5,367 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Morton LTC ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does Morton LTC detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and third party assistance with cybersecurity experts engaged, and law enforcement notified with yes, and communication strategy with notice of data security incident posted on company website..

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

measurementExposure impactImpact

Title: Morton Drug Company Data Breach Investigation

Description: Morton Drug Company discovered a network security incident that impacted its IT systems, leading to the exposure of personally identifiable information (PII) and protected health information (PHI). The breach affected at least 40,051 people in the U.S.

Date Detected: 2025-08-20

Date Publicly Disclosed: 2025-11-07

Date Resolved: 2025-10-21

Type: Data Breach

Incident : Data Breach

measurementExposure impactImpact

Title: Morton Drug Company Data Breach

Description: Morton Drug Company (MDC) announced a cybersecurity incident impacting the personal information of over forty thousand individuals. An unauthorized person gained access to MDC’s network and may have acquired records containing personally identifiable information (PII) and protected health information (PHI).

Date Publicly Disclosed: 2025-12-08

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach MOR1764807261

Data Compromised: Personally identifiable information (PII) and protected health information (PHI)

Systems Affected: IT systems

Identity Theft Risk: High

Incident : Data Breach MOR1765232510

Data Compromised: Personally identifiable information (PII) and protected health information (PHI)

Identity Theft Risk: High

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), Protected Health Information (Phi), , Personally Identifiable Information (Pii), Protected Health Information (Phi) and .

Which entities were affected by each incident ?

Incident : Data Breach MOR1764807261

Entity Name: Morton Drug Company

Entity Type: Pharmacy

Industry: Healthcare/Pharmaceutical

Location: Neenah, Wisconsin, USA

Customers Affected: 40,051

Incident : Data Breach MOR1765232510

Entity Name: Morton Drug Company (MDC)

Entity Type: Company

Industry: Healthcare/Pharmaceutical

Location: Pittsburgh

Customers Affected: 40,000+

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach MOR1764807261

Incident Response Plan Activated: Yes

Third Party Assistance: Cybersecurity experts engaged

Law Enforcement Notified: Yes

Communication Strategy: Notice of data security incident posted on company website

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes.

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Cybersecurity experts engaged.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach MOR1764807261

Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)

Number of Records Exposed: 40,051

Sensitivity of Data: High

Personally Identifiable Information: NamesAddressesSocial Security numbersMedical information

Incident : Data Breach MOR1765232510

Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)

Number of Records Exposed: 40,000+

Sensitivity of Data: High

Personally Identifiable Information: NameAddressSocial Security numberPrescription information

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach MOR1765232510

Legal Actions: Investigation by Lynch Carpenter, LLP

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Investigation by Lynch Carpenter, LLP.

References

Where can I find more information about each incident ?

Incident : Data Breach MOR1764807261

Source: Morton Drug Company Notice of Data Security Incident

Date Accessed: 2025-11-07

Incident : Data Breach MOR1765232510

Source: Globe Newswire

Date Accessed: 2025-12-08

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Morton Drug Company Notice of Data Security IncidentDate Accessed: 2025-11-07, and Source: Globe NewswireDate Accessed: 2025-12-08.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach MOR1764807261

Investigation Status: Concluded

Incident : Data Breach MOR1765232510

Investigation Status: Ongoing (Lynch Carpenter, LLP)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notice of data security incident posted on company website.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach MOR1764807261

Customer Advisories: Notice of data security incident posted on company website

Incident : Data Breach MOR1765232510

Customer Advisories: Individuals impacted may be entitled to compensation. Visit Lynch Carpenter's site for case review.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Notice of data security incident posted on company website and Individuals impacted may be entitled to compensation. Visit Lynch Carpenter's site for case review..

Post-Incident Analysis

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Cybersecurity experts engaged.

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-08-20.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-12-08.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The most recent incident resolved was on 2025-10-21.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Personally identifiable information (PII) and protected health information (PHI) and Personally identifiable information (PII) and protected health information (PHI).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Cybersecurity experts engaged.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Personally identifiable information (PII) and protected health information (PHI).

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 80.1K.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Investigation by Lynch Carpenter, LLP.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are Globe Newswire and Morton Drug Company Notice of Data Security Incident.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Concluded.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued were an Notice of data security incident posted on company website and Individuals impacted may be entitled to compensation. Visit Lynch Carpenter's site for case review.

cve

Latest Global CVEs (Not Company-Specific)

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML <option> elements without proper escaping. This issue is fixed in version 3.5.5.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, unauthenticated remote attacker can execute malicious JS code on Zitadel users’ browsers. To carry out an attack, multiple user sessions need to be active in the same browser, however, account takeover is mitigated when using Multi-Factor Authentication (MFA) or Passwordless authentication. This issue is fixed in version 4.7.1.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
References
Description

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
References
Description

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.

Published
Date
2025-12-09
Updated
Date
2025-12-09
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=morton-ltc' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest reports → View all security reports →
Users Love Us Badge