Securenet Solutions
Company Details
Linkedin ID:
securenet-solutions
Website:
Employees number:
16
Number of followers:
1,648
NAICS:
541514
Industry Type:
Homepage:
securenet.co.il
IP Addresses:
0
Company ID:
SEC_8626982
Scan Status:
In-progress
Securenet Solutions Company CyberSecurity Posture
securenet.co.il
Securenet Solutions is a leading Israeli consulting and integrated security solutions provider for Data Security and Cyber technologies and solutions. With a team of experts and professionals, Securenet Solutions provides advanced, innovative solutions that address the entire range of enterprise information security needs, starting with consulting, going through survey and planning to implementation of information security systems and cyber services Securenet was founded in 1999 and have about 40 expert professionals. Securenet activity was merged into Aman group, now as Securenet Solutions, leading the Cybersecurity services builds on extensive technical knowledge and skills of employees, along with other data security solutions such as Securing Data in-rest and at-move, planning and establishing Public Key Infrastructures (PKI) and other complex security solutions for the Israeli market. Our solutions, commencing from the characterization stage, through implementation and integration in organizational procedures, cover a wide and comprehensive list of data security issues, including: • Organizational services access control • Strong identification for organizational users • Mechanisms for transferring sensitive data within and outside the organization • Security for smartphones and tablets • Content screening systems • Mail screening and encoding systems • Data leakage prevention and classification systems • Organizational IPS and Firewall solutions • Organizational Antivirus and Sandbox systems • SCADA protection and control systems • Installation management and end station security systems • SIEM systems • Public Key Infrastructure (PKI) systems • Data security consulting and support on all levels • Development of code and writing procedures for various platforms such as Microsoft, CyberArk, Citrix, PKI and more. • Intra-organizational cyber systems
Securenet Solutions A.I CyberSecurity Scoring
Securenet Solutions Risk Score (AI oriented)Between 650 and 699
Securenet Solutions
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Securenet Solutions Global Score (TPRM)XXXX
Securenet Solutions
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Securenet Solutions Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
SecureNet Solutions
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In April 2023, SecureNet Solutions, a cybersecurity service provider, experienced a significant data breach when a group of cybercriminals managed to infiltrate their systems through a malware attack. The breach led to the leak of personal information of both employees and customers including names, addresses, and payment details. The attackers exploited a known vulnerability that had not been patched in time. Although the company detected the breach quickly and took steps to mitigate further damage, the stolen data was substantial enough to pose a risk of identity theft and financial fraud. The attack drew considerable media attention, which not only impacted the company’s reputation but also led to a loss of customer trust. SecureNet Solutions is currently cooperating with authorities and has notified all affected parties, offering credit monitoring services to customers at risk.
SecureNet Solutions
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In April 2023, SecureNet Solutions experienced a significant cybersecurity incident classified as a 'Cyber Attack' with the 'Attack threatening the organization’s existence' impact level. Malware was deployed in the company's network infrastructure, leading to the exposure and encryption of sensitive customer and employee data. The attackers demanded a ransom, threatened to sell the data on the dark web, and caused substantial operational disruption, including the shutdown of online services. An investigation revealed that the breach was due to unpatched vulnerabilities that had been previously identified but not addressed in a timely manner.
SecureNet Solutions
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In July 2023, SecureNet Solutions, a leading cybersecurity firm, fell victim to a sophisticated ransomware attack. The attackers exploited a known vulnerability that had not yet been patched by SecureNet's IT team. This lapse in cybersecurity defense allowed the cybercriminals to encrypt critical customer data, including sensitive financial information and personal identification details. Despite SecureNet Solutions' robust incident response protocol, the breach caused significant downtime for their services, leading to a loss of trust among their clientele. The attackers demanded a substantial ransom for the decryption key; however, SecureNet chose to restore the data from backups. This incident highlighted the importance of timely software updates and continuous monitoring. It also underscored the ever-present threat to firms in the cybersecurity industry, marking a pivotal moment for SecureNet Solutions to reassess and strengthen their security posture.
Securenet Solutions Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Securenet Solutions
Incidents vs Computer and Network Security Industry Average (This Year)
No incidents recorded for Securenet Solutions in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Securenet Solutions in 2025.
Incident Types Securenet Solutions vs Computer and Network Security Industry Avg (This Year)
No incidents recorded for Securenet Solutions in 2025.
Incident History — Securenet Solutions (X = Date, Y = Severity)
Securenet Solutions cyber incidents detection timeline including parent company and subsidiaries
Securenet Solutions Company Subsidiaries
Securenet Solutions is a leading Israeli consulting and integrated security solutions provider for Data Security and Cyber technologies and solutions. With a team of experts and professionals, Securenet Solutions provides advanced, innovative solutions that address the entire range of enterprise information security needs, starting with consulting, going through survey and planning to implementation of information security systems and cyber services Securenet was founded in 1999 and have about 40 expert professionals. Securenet activity was merged into Aman group, now as Securenet Solutions, leading the Cybersecurity services builds on extensive technical knowledge and skills of employees, along with other data security solutions such as Securing Data in-rest and at-move, planning and establishing Public Key Infrastructures (PKI) and other complex security solutions for the Israeli market. Our solutions, commencing from the characterization stage, through implementation and integration in organizational procedures, cover a wide and comprehensive list of data security issues, including: • Organizational services access control • Strong identification for organizational users • Mechanisms for transferring sensitive data within and outside the organization • Security for smartphones and tablets • Content screening systems • Mail screening and encoding systems • Data leakage prevention and classification systems • Organizational IPS and Firewall solutions • Organizational Antivirus and Sandbox systems • SCADA protection and control systems • Installation management and end station security systems • SIEM systems • Public Key Infrastructure (PKI) systems • Data security consulting and support on all levels • Development of code and writing procedures for various platforms such as Microsoft, CyberArk, Citrix, PKI and more. • Intra-organizational cyber systems
Loading...
Securenet Solutions Similar Companies
CrowdStrike
CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s
.png)
Securenet Solutions CyberSecurity News
October 22, 2025 07:00 AM
ViewQwest partners with Zero Networks to deliver automated microsegmentation to enterprises across key Asian markets
Microsegmentation isolates parts of a network so a breach in one area can't spread, helping businesses contain attacks and protect critical...
October 14, 2025 07:00 AM
SecureNet BD eyes inclusive, community-led cyber defence network
The Team Phoenix Group has secured a grant from the APNIC Foundation's ISIF Asia programme to launch SecureNet BD, a pioneering initiative...
March 06, 2025 08:00 AM
How Vodafone & IBM are Future-Proofing Smartphone Security
Vodafone & IBM team up to protect data from future cyber threats by using quantum-safe encryption in Vodafone Secure Net, enhancing online...
March 03, 2025 11:40 AM
Vodafone and IBM work to future-proof smartphone security with quantum-safe cryptography
Vodafone demonstrating proof of concept with IBM's leading Quantum Safe technology to enhance Vodafone Secure Net, the all-in-one security service.
February 18, 2025 08:00 AM
Top 10 Tech Companies to Work for in Palau in 2025
Leading companies like SecureNet Palau and CodeRealm focus on blockchain, renewable energy, marine robotics, and digital healthcare, with approval ratings...
February 16, 2025 08:00 AM
Top 10 Tech Companies to Work for in Fort Lauderdale in 2025
Fort Lauderdale's tech scene flourishes in 2025 with over 1,200 tech companies contributing $2.5 billion to the economy.
December 26, 2024 08:00 AM
Memphis's Top 10 Startups That Tech Professionals Should Watch Out For in 2024
Memphis is rapidly emerging as a hub for innovation in 2024, driven by a vibrant ecosystem of startups in logistics, healthcare, and music.
August 19, 2024 07:00 AM
AIS unveils Thailand’s first personalised cyber immunity tool
Advanced Info Services (AIS), Thailand's leading digital service provider, has unveiled the country's first personalised cyber immunity...
April 25, 2024 07:00 AM
WhizHack Technologies makes foray into Middle East with customized cybersecurity solutions
Company aims to forge strategic tieups and introduce of customized cybersecurity solutions.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Securenet Solutions CyberSecurity History Information
Official Website of Securenet Solutions
The official website of Securenet Solutions is http://www.securenet.co.il/.
Securenet Solutions’s AI-Generated Cybersecurity Score
According to Rankiteo, Securenet Solutions’s AI-generated cybersecurity score is 699, reflecting their Weak security posture.
How many security badges does Securenet Solutions’ have ?
According to Rankiteo, Securenet Solutions currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Securenet Solutions have SOC 2 Type 1 certification ?
According to Rankiteo, Securenet Solutions is not certified under SOC 2 Type 1.
Does Securenet Solutions have SOC 2 Type 2 certification ?
According to Rankiteo, Securenet Solutions does not hold a SOC 2 Type 2 certification.
Does Securenet Solutions comply with GDPR ?
According to Rankiteo, Securenet Solutions is not listed as GDPR compliant.
Does Securenet Solutions have PCI DSS certification ?
According to Rankiteo, Securenet Solutions does not currently maintain PCI DSS compliance.
Does Securenet Solutions comply with HIPAA ?
According to Rankiteo, Securenet Solutions is not compliant with HIPAA regulations.
Does Securenet Solutions have ISO 27001 certification ?
According to Rankiteo,Securenet Solutions is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Securenet Solutions
Securenet Solutions operates primarily in the Computer and Network Security industry.
Number of Employees at Securenet Solutions
Securenet Solutions employs approximately 16 people worldwide.
Subsidiaries Owned by Securenet Solutions
Securenet Solutions presently has no subsidiaries across any sectors.
Securenet Solutions’s LinkedIn Followers
Securenet Solutions’s official LinkedIn profile has approximately 1,648 followers.
NAICS Classification of Securenet Solutions
Securenet Solutions is classified under the NAICS code 541514, which corresponds to Others.
Securenet Solutions’s Presence on Crunchbase
No, Securenet Solutions does not have a profile on Crunchbase.
Securenet Solutions’s Presence on LinkedIn
Yes, Securenet Solutions maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/securenet-solutions.
Cybersecurity Incidents Involving Securenet Solutions
As of December 02, 2025, Rankiteo reports that Securenet Solutions has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Securenet Solutions has an estimated 2,893 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Securenet Solutions ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does Securenet Solutions detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and remediation measures with restore data from backups, and law enforcement notified with yes, and communication strategy with notified affected parties, offered credit monitoring services..
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on SecureNet Solutions
Description: In July 2023, SecureNet Solutions, a leading cybersecurity firm, fell victim to a sophisticated ransomware attack. The attackers exploited a known vulnerability that had not yet been patched by SecureNet's IT team. This lapse in cybersecurity defense allowed the cybercriminals to encrypt critical customer data, including sensitive financial information and personal identification details. Despite SecureNet Solutions' robust incident response protocol, the breach caused significant downtime for their services, leading to a loss of trust among their clientele. The attackers demanded a substantial ransom for the decryption key; however, SecureNet chose to restore the data from backups. This incident highlighted the importance of timely software updates and continuous monitoring. It also underscored the ever-present threat to firms in the cybersecurity industry, marking a pivotal moment for SecureNet Solutions to reassess and strengthen their security posture.
Date Detected: 2023-07
Type: Ransomware Attack
Attack Vector: Known vulnerability exploit
Vulnerability Exploited: Known vulnerability
Threat Actor: Unknown Cybercriminals
Motivation: Financial Gain
Title: Cyber Attack on SecureNet Solutions
Description: In April 2023, SecureNet Solutions experienced a significant cybersecurity incident classified as a 'Cyber Attack' with the 'Attack threatening the organization’s existence' impact level. Malware was deployed in the company's network infrastructure, leading to the exposure and encryption of sensitive customer and employee data. The attackers demanded a ransom, threatened to sell the data on the dark web, and caused substantial operational disruption, including the shutdown of online services. An investigation revealed that the breach was due to unpatched vulnerabilities that had been previously identified but not addressed in a timely manner.
Date Detected: April 2023
Type: Cyber Attack
Attack Vector: Malware
Vulnerability Exploited: Unpatched vulnerabilities
Motivation: Ransom, Data Theft
Title: Data Breach at SecureNet Solutions
Description: In April 2023, SecureNet Solutions, a cybersecurity service provider, experienced a significant data breach when a group of cybercriminals managed to infiltrate their systems through a malware attack. The breach led to the leak of personal information of both employees and customers including names, addresses, and payment details. The attackers exploited a known vulnerability that had not been patched in time. Although the company detected the breach quickly and took steps to mitigate further damage, the stolen data was substantial enough to pose a risk of identity theft and financial fraud. The attack drew considerable media attention, which not only impacted the company’s reputation but also led to a loss of customer trust. SecureNet Solutions is currently cooperating with authorities and has notified all affected parties, offering credit monitoring services to customers at risk.
Date Detected: April 2023
Type: Data Breach
Attack Vector: Malware
Vulnerability Exploited: Known vulnerability not patched
Threat Actor: Cybercriminals
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware Attack SEC800050724
Data Compromised: Sensitive financial information, Personal identification details
Downtime: Significant
Brand Reputation Impact: Loss of trust among clientele
Incident : Cyber Attack SEC420051124
Data Compromised: Sensitive customer data, Employee data
Systems Affected: Network infrastructure
Downtime: Substantial operational disruption
Operational Impact: Shutdown of online services
Incident : Data Breach SEC429051424
Data Compromised: Names, Addresses, Payment details
Brand Reputation Impact: Significant
Identity Theft Risk: High
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Sensitive Financial Information, Personal Identification Details, , Sensitive Customer Data, Employee Data, , Personal Information, Payment Details and .
Which entities were affected by each incident ?
Incident : Ransomware Attack SEC800050724
Entity Name: SecureNet Solutions
Entity Type: Cybersecurity Firm
Industry: Cybersecurity
Incident : Data Breach SEC429051424
Entity Name: SecureNet Solutions
Entity Type: Cybersecurity Service Provider
Industry: Cybersecurity
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware Attack SEC800050724
Incident Response Plan Activated: Yes
Remediation Measures: Restore data from backups
Incident : Data Breach SEC429051424
Law Enforcement Notified: Yes
Communication Strategy: Notified affected parties, offered credit monitoring services
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware Attack SEC800050724
Type of Data Compromised: Sensitive financial information, Personal identification details
Sensitivity of Data: High
Data Encryption: Yes
Personally Identifiable Information: Yes
Incident : Cyber Attack SEC420051124
Type of Data Compromised: Sensitive customer data, Employee data
Sensitivity of Data: High
Data Encryption: True
Incident : Data Breach SEC429051424
Type of Data Compromised: Personal information, Payment details
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Restore data from backups.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware Attack SEC800050724
Ransom Demanded: Substantial
Ransom Paid: No
Data Encryption: Yes
Incident : Cyber Attack SEC420051124
Ransom Demanded: True
Data Encryption: True
Data Exfiltration: True
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Ransomware Attack SEC800050724
Lessons Learned: Importance of timely software updates and continuous monitoring
Incident : Cyber Attack SEC420051124
Lessons Learned: The importance of timely patching of identified vulnerabilities.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Importance of timely software updates and continuous monitoringThe importance of timely patching of identified vulnerabilities.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach SEC429051424
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified affected parties and offered credit monitoring services.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach SEC429051424
Customer Advisories: Notified all affected parties
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notified all affected parties.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Ransomware Attack SEC800050724
Root Causes: Known vulnerability not patched
Corrective Actions: Reassess and strengthen security posture
Incident : Cyber Attack SEC420051124
Root Causes: Unpatched vulnerabilities
Incident : Data Breach SEC429051424
Root Causes: Known vulnerability not patched in time
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Reassess and strengthen security posture.
Additional Questions
General Information
Has the company ever paid ransoms ?
Ransom Payment History: The company has Paid ransoms in the past.
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was Substantial.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unknown Cybercriminals and Cybercriminals.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-07.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Sensitive financial information, Personal identification details, , Sensitive customer data, Employee data, , Names, Addresses, Payment details and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal identification details, Sensitive financial information, Employee data, Addresses, Names, Payment details and Sensitive customer data.
Ransomware Information
What was the highest ransom paid in a ransomware incident ?
Highest Ransom Paid: The highest ransom paid in a ransomware incident was No.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Importance of timely software updates and continuous monitoring, The importance of timely patching of identified vulnerabilities.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notified all affected parties.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Known vulnerability not patched, Unpatched vulnerabilities, Known vulnerability not patched in time.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Reassess and strengthen security posture.
.png)
Latest Global CVEs (Not Company-Specific)
Description
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=securenet-solutions' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
