Srimax
Company Details
Linkedin ID:
srimax-software-technology
Website:
Employees number:
83
Number of followers:
708
NAICS:
5415
Industry Type:
Homepage:
srimax.com
IP Addresses:
0
Company ID:
SRI_2935229
Scan Status:
In-progress
Srimax Company CyberSecurity Posture
srimax.com
Srimax is an offshore web development company, delivers in-depth solutions for small, medium and large enterprise projects, e-commerce solutions and much more. Our strong team of software professionals have expertise in PHP, Ajax, ASP.NET, Java, C# and Node.Js etc who powers the development work. With a rich and vast experience in providing offshore software development services with high quality standards, we offer the following Services. 1. Web Development 2. Application Development 3. Mobile Development 4. HTML5 Development 5. E-commerce Solutions 6. Web Designing 7. Migration Some of our world’s most useful business Products: 1. Output Messenger The fast, secure & private instant messenger designed specifically for keeping remote employees and multiple offices synchronously 2. Output Time The high-class Project Management & Time Tracking software helps you to collaborate and manage your business better 3. Output Desk Help Desk Software with Ticketing, Live Chat & CRM 4. Output Books GST Billing & Accounting Software for Small, Medium & Large Business 5. OMessenger Our state of art Private Instant Messaging Solution brings your entire office in your desktop 6. ToToDo The simple, neat and gentle application to manage your To-do list that lists the tasks based on date. 7. On My Trip The painless free application helps you to Prepare & Plan your Transport, Hotels, Events and Checklists to make your trip as stress free 8. Contacts Clinic The complete Contacts Management Software lets Microsoft Outlook users to Automatically update, Organize & Maintain their Contacts 9. WordPlus+ The add-on offers the users an array of sophisticated tools & functions to help them with their day-to-day business correspondence. It speeds up documentation activities to help you gear-up your business to the Max 10. Spam Filter An innovative plug-in software has been launched specifically for the Outlook environment to provide Outlook users with a Spam free in-box
Srimax A.I CyberSecurity Scoring
Srimax Risk Score (AI oriented)Between 750 and 799
Srimax
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Srimax Global Score (TPRM)XXXX
Srimax
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Srimax Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Output MessengerSrimax and Output Messenger: Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Marbled Dust Exploits Zero-Day in Output Messenger for Cyber Espionage Targeting Kurdish Military A Türkiye-linked threat actor, tracked as Marbled Dust (also known as Cosmic Wolf, Sea Turtle, and UNC1326), has been exploiting a zero-day vulnerability (CVE-2025-27920) in Output Messenger, an Indian enterprise communication platform, since April 2024. The campaign, uncovered by Microsoft Threat Intelligence, targeted Kurdish military entities in Iraq, aligning with the group’s historical focus on regional espionage. The flaw a directory traversal vulnerability in Output Messenger version 2.0.62 allowed attackers to remotely execute arbitrary files. The developer, Srimax, patched the issue in December 2024 with version 2.0.63, though its advisory did not acknowledge in-the-wild exploitation. Microsoft assessed that Marbled Dust conducted reconnaissance to identify Output Messenger users before leveraging the zero-day. The attack chain began with authenticated access to the Output Messenger Server Manager, likely obtained via DNS hijacking or typosquatted domains. Once inside, the threat actor exploited CVE-2025-27920 to deploy malicious payloads, including: - OM.vbs and OMServerService.vbs (dropped in the server startup folder) - OMServerService.exe (a Golang backdoor placed in the server’s *Users/public/videos* directory) The backdoor communicated with a hard-coded domain (api.wordinfos[.]com) for data exfiltration. On the client side, the installer executed both the legitimate OutputMessenger.exe and a second Golang backdoor (OMClientService.exe), which connected to a Marbled Dust command-and-control (C2) server. The backdoor performed a connectivity check before sending victim hostname data, with responses executed via Windows command prompt (cmd /c). Microsoft also identified a second reflected XSS vulnerability (CVE-2025-27921) in the same version but found no evidence of its exploitation. The attack marks a shift in Marbled Dust’s sophistication, suggesting escalated targeting priorities or operational urgency while maintaining its established espionage focus. The group, active since at least 2017, has previously targeted telecoms, ISPs, IT service providers, and Kurdish entities in the Middle East, North Africa, and Europe.
Srimax Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Srimax
Incidents vs IT Services and IT Consulting Industry Average (This Year)
No incidents recorded for Srimax in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Srimax in 2026.
Incident Types Srimax vs IT Services and IT Consulting Industry Avg (This Year)
No incidents recorded for Srimax in 2026.
Incident History — Srimax (X = Date, Y = Severity)
Srimax cyber incidents detection timeline including parent company and subsidiaries
Srimax Company Subsidiaries
Srimax is an offshore web development company, delivers in-depth solutions for small, medium and large enterprise projects, e-commerce solutions and much more. Our strong team of software professionals have expertise in PHP, Ajax, ASP.NET, Java, C# and Node.Js etc who powers the development work. With a rich and vast experience in providing offshore software development services with high quality standards, we offer the following Services. 1. Web Development 2. Application Development 3. Mobile Development 4. HTML5 Development 5. E-commerce Solutions 6. Web Designing 7. Migration Some of our world’s most useful business Products: 1. Output Messenger The fast, secure & private instant messenger designed specifically for keeping remote employees and multiple offices synchronously 2. Output Time The high-class Project Management & Time Tracking software helps you to collaborate and manage your business better 3. Output Desk Help Desk Software with Ticketing, Live Chat & CRM 4. Output Books GST Billing & Accounting Software for Small, Medium & Large Business 5. OMessenger Our state of art Private Instant Messaging Solution brings your entire office in your desktop 6. ToToDo The simple, neat and gentle application to manage your To-do list that lists the tasks based on date. 7. On My Trip The painless free application helps you to Prepare & Plan your Transport, Hotels, Events and Checklists to make your trip as stress free 8. Contacts Clinic The complete Contacts Management Software lets Microsoft Outlook users to Automatically update, Organize & Maintain their Contacts 9. WordPlus+ The add-on offers the users an array of sophisticated tools & functions to help them with their day-to-day business correspondence. It speeds up documentation activities to help you gear-up your business to the Max 10. Spam Filter An innovative plug-in software has been launched specifically for the Outlook environment to provide Outlook users with a Spam free in-box
Loading...
Srimax Similar Companies
Infinite Computer Solutions
Infinite is a global leader in technology modernization, next-gen IT services and solutions, and digital engineering, with over two decades of experience helping clients turn digital transformation into business value. Leveraging an AI-first approach, we combine leading technologies, innovative plat
Appen
Appen has been a leader in AI training data for over 25 years, providing high-quality, diverse datasets that power the world's leading AI models. Our end-to-end platform, deep expertise, and scalable human-in-the-loop services enable AI innovators to build and optimize cutting-edge models. We spec
eClerx
eClerx is a productized services company, bringing together people, technology and domain expertise to amplify business results. Our mission is to set the benchmark for client service and success in our industry. Our vision is to be the innovation partner of choice for technology, data analytics and
At Globant, we create the digitally-native products that people love. We bridge the gap between businesses and consumers through technology and creativity, leveraging our experience as an AI powerhouse. We dare to digitally transform organizations and strive to delight their customers. - We have mo
Infosys BPM
Infosys BPM Ltd., the business process management subsidiary of Infosys Ltd. (NYSE: INFY), was set up in April 2002. Infosys BPM focuses on integrated end-to-end outsourcing and delivers transformational benefits to its clients through reduced costs, ongoing productivity improvements, and process re
Infosys
Infosys is a global leader in next-generation digital services and consulting. We enable clients in more than 50 countries to navigate their digital transformation. With over three decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through
Gainwell Technologies
For 50 years, our nation’s federal Medicaid program has worked to improve the health, safety and well-being of America’s most vulnerable populations: low-income families, women and children, seniors, and those with disabilities. With positive health and cost outcomes that pierce inequities and impac
FPT Software, a subsidiary of FPT Corporation, is a global technology and IT services provider headquartered in Vietnam, with USD 1.22 billion in revenue (2024) and over 33,000 employees in 30 countries. Embracing an AI-first approach, FPT Software enables breakthrough speed, scalability and quali
Coforge is a global digital services and solutions provider that fuses deep domain expertise with emerging technologies to deliver real-world business impact. With a sharp focus on select industries and an execution intensity that’s uniquely our own, Coforge has emerged as the 7th largest Indian IT
.png)
Srimax CyberSecurity News
May 13, 2025 07:00 AM
Turkish spies caught exploiting zero-day for over a year
Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began...
May 13, 2025 07:00 AM
Türkiye-Linked Hackers Target Kurdish Servers via Output Messenger Zero-Day Flaw Exploit
An espionage actor has been exploiting a directory traversal zero-day in Output Messenger for more than one year, deploying backdoors and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Srimax CyberSecurity History Information
Official Website of Srimax
The official website of Srimax is https://www.srimax.com.
Srimax’s AI-Generated Cybersecurity Score
According to Rankiteo, Srimax’s AI-generated cybersecurity score is 753, reflecting their Fair security posture.
How many security badges does Srimax’ have ?
According to Rankiteo, Srimax currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Srimax been affected by any supply chain cyber incidents ?
According to Rankiteo, Srimax has been affected by a supply chain cyber incident involving Output Messenger, with the incident ID SRISRI1767087399.
Does Srimax have SOC 2 Type 1 certification ?
According to Rankiteo, Srimax is not certified under SOC 2 Type 1.
Does Srimax have SOC 2 Type 2 certification ?
According to Rankiteo, Srimax does not hold a SOC 2 Type 2 certification.
Does Srimax comply with GDPR ?
According to Rankiteo, Srimax is not listed as GDPR compliant.
Does Srimax have PCI DSS certification ?
According to Rankiteo, Srimax does not currently maintain PCI DSS compliance.
Does Srimax comply with HIPAA ?
According to Rankiteo, Srimax is not compliant with HIPAA regulations.
Does Srimax have ISO 27001 certification ?
According to Rankiteo,Srimax is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Srimax
Srimax operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Srimax
Srimax employs approximately 83 people worldwide.
Subsidiaries Owned by Srimax
Srimax presently has no subsidiaries across any sectors.
Srimax’s LinkedIn Followers
Srimax’s official LinkedIn profile has approximately 708 followers.
NAICS Classification of Srimax
Srimax is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Srimax’s Presence on Crunchbase
No, Srimax does not have a profile on Crunchbase.
Srimax’s Presence on LinkedIn
Yes, Srimax maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/srimax-software-technology.
Cybersecurity Incidents Involving Srimax
As of January 21, 2026, Rankiteo reports that Srimax has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Srimax has an estimated 38,438 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Srimax ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
How does Srimax detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with microsoft threat intelligence, and containment measures with patch released (v2.0.63), removal of malicious payloads (om.vbs, omserverservice.vbs, omserverservice.exe), and remediation measures with fix for cve-2025-27920, enhanced authentication mechanisms, and enhanced monitoring with monitoring for connections to c2 domain (api.wordinfos[.]com)..
Incident Details
Can you provide details on each incident ?
Title: Marbled Dust Exploits Zero-Day in Output Messenger for Cyber Espionage
Description: A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. The exploits resulted in the collection of related user data from targets in Iraq, specifically associated with the Kurdish military.
Date Detected: 2024-04-01
Date Resolved: 2024-12-01
Type: Cyber Espionage
Attack Vector: Zero-day Exploit (CVE-2025-27920)
Vulnerability Exploited: CVE-2025-27920 (Directory Traversal), CVE-2025-27921 (Reflected XSS - unused)
Threat Actor: Marbled Dust (aka Cosmic Wolf, Sea Turtle, Teal Kurma, UNC1326, Silicon)
Motivation: Cyber Espionage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through DNS hijacking or typosquatted domains to intercept credentials.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyber Espionage SRISRI1767087399
Data Compromised: User data, credentials, and sensitive information
Systems Affected: Output Messenger Server Manager, Output Messenger Client
Operational Impact: Data exfiltration, unauthorized access to sensitive communications
Brand Reputation Impact: Potential reputational damage to Output Messenger
Identity Theft Risk: High (PII exposure)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are User credentials, communication data and personally identifiable information (PII).
Which entities were affected by each incident ?
Incident : Cyber Espionage SRISRI1767087399
Entity Name: Output Messenger (Srimax)
Entity Type: Enterprise Communication Platform
Industry: Technology/Software
Location: India
Customers Affected: Kurdish military entities in Iraq, telecommunication/media/IT-service providers in the Middle East and North Africa
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyber Espionage SRISRI1767087399
Third Party Assistance: Microsoft Threat Intelligence
Containment Measures: Patch released (v2.0.63), removal of malicious payloads (OM.vbs, OMServerService.vbs, OMServerService.exe)
Remediation Measures: Fix for CVE-2025-27920, enhanced authentication mechanisms
Enhanced Monitoring: Monitoring for connections to C2 domain (api.wordinfos[.]com)
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Microsoft Threat Intelligence.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Cyber Espionage SRISRI1767087399
Type of Data Compromised: User credentials, communication data, personally identifiable information (PII)
Sensitivity of Data: High (military-related, PII)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Fix for CVE-2025-27920, enhanced authentication mechanisms.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by patch released (v2.0.63), removal of malicious payloads (om.vbs, omserverservice.vbs and omserverservice.exe).
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Cyber Espionage SRISRI1767087399
Data Exfiltration: True
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Cyber Espionage SRISRI1767087399
Lessons Learned: Zero-day exploits can be leveraged for targeted cyber espionage; reconnaissance plays a critical role in threat actor operations; timely patching is essential to mitigate risks.
What recommendations were made to prevent future incidents ?
Incident : Cyber Espionage SRISRI1767087399
Recommendations: Apply the latest patch (v2.0.63) for Output Messenger, Monitor for connections to known malicious domains (e.g., api.wordinfos[.]com), Implement multi-factor authentication (MFA) for sensitive systems, Conduct regular security audits and vulnerability assessments, Educate users on phishing and credential interception risksApply the latest patch (v2.0.63) for Output Messenger, Monitor for connections to known malicious domains (e.g., api.wordinfos[.]com), Implement multi-factor authentication (MFA) for sensitive systems, Conduct regular security audits and vulnerability assessments, Educate users on phishing and credential interception risksApply the latest patch (v2.0.63) for Output Messenger, Monitor for connections to known malicious domains (e.g., api.wordinfos[.]com), Implement multi-factor authentication (MFA) for sensitive systems, Conduct regular security audits and vulnerability assessments, Educate users on phishing and credential interception risksApply the latest patch (v2.0.63) for Output Messenger, Monitor for connections to known malicious domains (e.g., api.wordinfos[.]com), Implement multi-factor authentication (MFA) for sensitive systems, Conduct regular security audits and vulnerability assessments, Educate users on phishing and credential interception risksApply the latest patch (v2.0.63) for Output Messenger, Monitor for connections to known malicious domains (e.g., api.wordinfos[.]com), Implement multi-factor authentication (MFA) for sensitive systems, Conduct regular security audits and vulnerability assessments, Educate users on phishing and credential interception risks
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Zero-day exploits can be leveraged for targeted cyber espionage; reconnaissance plays a critical role in threat actor operations; timely patching is essential to mitigate risks.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement multi-factor authentication (MFA) for sensitive systems, Monitor for connections to known malicious domains (e.g., api.wordinfos[.]com), Apply the latest patch (v2.0.63) for Output Messenger, Educate users on phishing and credential interception risks and Conduct regular security audits and vulnerability assessments.
References
Where can I find more information about each incident ?
Incident : Cyber Espionage SRISRI1767087399
Source: Microsoft Threat Intelligence
Incident : Cyber Espionage SRISRI1767087399
Source: Cisco Talos
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Microsoft Threat Intelligence, and Source: Cisco Talos.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Cyber Espionage SRISRI1767087399
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Cyber Espionage SRISRI1767087399
Entry Point: DNS hijacking or typosquatted domains to intercept credentials
Reconnaissance Period: Pre-attack reconnaissance to identify Output Messenger users
Backdoors Established: Golang backdoors (OMServerService.exe, OMClientService.exe)
High Value Targets: Kurdish military entities, telecommunication/media/IT-service providers
Data Sold on Dark Web: Kurdish military entities, telecommunication/media/IT-service providers
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Cyber Espionage SRISRI1767087399
Root Causes: Unpatched Zero-Day Vulnerability (Cve-2025-27920), Lack Of Multi-Factor Authentication (Mfa), Insufficient Monitoring For Malicious C2 Communications,
Corrective Actions: Patch Management For Zero-Day Vulnerabilities, Implementation Of Mfa, Enhanced Network Monitoring For C2 Traffic, User Training On Credential Security,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Microsoft Threat Intelligence, Monitoring for connections to C2 domain (api.wordinfos[.]com).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Patch Management For Zero-Day Vulnerabilities, Implementation Of Mfa, Enhanced Network Monitoring For C2 Traffic, User Training On Credential Security, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Marbled Dust (aka Cosmic Wolf, Sea Turtle, Teal Kurma, UNC1326 and Silicon).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-04-01.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2024-12-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were User data, credentials and and sensitive information.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Microsoft Threat Intelligence.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Patch released (v2.0.63), removal of malicious payloads (OM.vbs, OMServerService.vbs and OMServerService.exe).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were User data, credentials and and sensitive information.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Zero-day exploits can be leveraged for targeted cyber espionage; reconnaissance plays a critical role in threat actor operations; timely patching is essential to mitigate risks.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement multi-factor authentication (MFA) for sensitive systems, Monitor for connections to known malicious domains (e.g., api.wordinfos[.]com), Apply the latest patch (v2.0.63) for Output Messenger, Educate users on phishing and credential interception risks and Conduct regular security audits and vulnerability assessments.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Cisco Talos and Microsoft Threat Intelligence.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an DNS hijacking or typosquatted domains to intercept credentials.
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Pre-attack reconnaissance to identify Output Messenger users.
.png)
Latest Global CVEs (Not Company-Specific)
Description
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Risk Information
cvss3
Base: 8.1
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=srimax-software-technology' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
