TikTok
Company Details
Linkedin ID:
tiktok
Employees number:
74,662
Number of followers:
3,813,700
NAICS:
71
Industry Type:
Homepage:
tiktok.com
IP Addresses:
0
Company ID:
TIK_1303559
Scan Status:
In-progress
TikTok Company CyberSecurity Posture
tiktok.com
TikTok is a discovery tool made just for you. TikTok is a global platform for discovery, joy and endless possibilities — connecting and entertaining more than a billion people across more than 150 countries. TikTok's headquarters are in Los Angeles and Singapore, with additional offices in Austin, Dublin, Paris, Berlin, Dubai, Jakarta, Johannesburg, London, New York, Mexico City, Sao Paolo, San Jose, Seoul, Seattle, and Tokyo.
TikTok A.I CyberSecurity Scoring
TikTok Risk Score (AI oriented)Between 700 and 749
TikTok
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
TikTok Global Score (TPRM)XXXX
TikTok
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
TikTok Company CyberSecurity News & History
Past Incidents
6
Attack Types
3
ByteDance
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: ByteDance, the parent company of TikTok, faced a significant operational loss as the app was banned in the United States. This resulted in the app's removal from major app stores and impeded its ability to function or receive updates, effectively disabling access for millions of users. The ban, driven by the Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA), while not making the app illegal, has created a substantial barrier for ByteDance's TikTok in the US market. With users flocking to alternate platforms and seeking workarounds such as VPNs, the app's future in the US remains uncertain, with the impact yet to be fully quantified.
TikTok
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A threat actor known as 'Often9' has claimed to possess 428 million unique TikTok user records, including sensitive information such as email addresses, mobile phone numbers, and internal account flags. The data's legitimacy is questionable due to the presence of empty or generic fields in the sample entries and the lack of reputation of the seller. Previous claims of TikTok data breaches have been denied by the company.
TikTok
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Popular short-form video sharing platform TikTok suffered a data security incident after a hacker group, AgainstTheWest gained access to an internal cloud server containing its source code and user information. The accessed database was hosted on a Alibaba cloud instance, and hold over 2 billion records in a 790 GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more.
TikTok
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: TikTok faced a substantial operational disruption in the United States due to the enactment of the PAFACA law, leading to its removal from app stores and ceasing its function on millions of devices. The consequence was a ban on updates and new content, pushing users to look for alternatives like Xiaohongshu. Despite being non-operational, the app wasn't forcibly removed from phones, and users could potentially circumvent the ban. The action implicated significant implications for TikTok's market presence, affected its user base, and raised questions about compliance and corporate strategy in response to political regulations.
TikTok
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Should the US Supreme Court uphold the ban on TikTok as determined by the Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA), the video-sharing social networking service faces an unprecedented technological clampdown in the US. This potential ban may result in significant economic impact, affecting around 170 million American users, including influencers and businesses that rely on the app for income and promotion. The ruling will hinge on weighing national security risks against First Amendment rights, with implications for online expression, economic factors, and potential data privacy concerns due to the app’s Chinese ownership.
TikTok
Vulnerability
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: The potential ban of TikTok in the United States represents a significant move that could undermine the company's economic stance within the region. With over 170 million users in the US, the ban would not only cause a loss of influence and market but also affect countless influencers and businesses that rely on the app for income and promotion. While no data breach or attack is explicitly mentioned, the perception of national security threats could damage TikTok's reputation, and a forced sale or ban by PAFACA could disrupt the app's operations, creating financial and reputational consequences.
TikTok Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for TikTok
Incidents vs Entertainment Providers Industry Average (This Year)
TikTok has 412.82% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
TikTok has 525.0% more incidents than the average of all companies with at least one recorded incident.
Incident Types TikTok vs Entertainment Providers Industry Avg (This Year)
TikTok reported 4 incidents this year: 1 cyber attacks, 0 ransomware, 1 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.
Incident History — TikTok (X = Date, Y = Severity)
TikTok cyber incidents detection timeline including parent company and subsidiaries
TikTok Company Subsidiaries
TikTok is a discovery tool made just for you. TikTok is a global platform for discovery, joy and endless possibilities — connecting and entertaining more than a billion people across more than 150 countries. TikTok's headquarters are in Los Angeles and Singapore, with additional offices in Austin, Dublin, Paris, Berlin, Dubai, Jakarta, Johannesburg, London, New York, Mexico City, Sao Paolo, San Jose, Seoul, Seattle, and Tokyo.
Loading...
TikTok Similar Companies
Lucidity
Lucidity Agency Models, también conocida como Lucidity, es una agencia de modelos establecida en vancouver, Canada, en 2010 por el conglomerado The Ivan Group. Lucidity maneja en la actualidad a más de 800 modelos de los cinco continentes, convirtiéndola en la agencia de modelos más grande del mund
NBCUniversal
NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and n
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. Our mission is to entertain, inform and inspire pe
Universal Music Group (UMG) is the world leader in music-based entertainment, with a broad array of businesses engaged in recorded music, music publishing, merchandising and audiovisual content in more than 60 countries. Featuring the most comprehensive catalog of recordings and songs across every m
Topgolf is the ultimate instigator of play. Thanks to our 100+ venues around the globe, which are powered by industry-leading Toptracer technology, we're leading the charge of modern golf. We offer a variety of tech-driven games, a top-tier food and drink menu, space to host large events, and a vibe
Electronic Arts (EA)
Electronic Arts creates next-level entertainment experiences that inspire players and fans around the world. Here, everyone is part of the story. Part of a community that connects across the globe. A team where creativity thrives, new perspectives are invited, and ideas matter. Regardless of your ro
Dave & Buster's Inc.
Welcome to Dave & Buster's, the ONLY place to Eat, Drink, Play & Watch Sports®, all under one roof! Here, you can immerse yourself in a world of excitement, from our Million Dollar Midway, packed with the hottest arcade games, to our mouth-watering, chef-crafted creations served in our American rest
Recognized three years in a row by Great Place to Work® and named one of People Magazine’s Top 50 Companies that Care, Live Nation Entertainment is the global leader in live events and ticketing. With business operations and corporate functions across major divisions including Ticketmaster, Concerts
Entain
Welcome to Entain. Our journey as Entain began when we evolved from GVC Holdings on 9th December 2020, but our brands have been paving the way and making history since the 1880s. Today, we’re one of the world’s largest sports betting and gaming entertainment groups – a FTSE 100 company that is h
.png)
TikTok CyberSecurity News
November 07, 2025 05:43 AM
EC: TikTok inoramba ichishanda muAlbania kunyangwe sarudzo yehurumende, cybersecurity masimba haana simba
TikTok inoramba ichishanda muAlbania kunyangwe danho rehurumende munaKurume wegore rino rekuimisa. Izvi zvakataurwa mumushumo weEuropean Commission...
November 06, 2025 11:26 PM
Nat’l Cyber Security Conference: TikTok partners with SL CERT
TikTok, social media platform owned by the Chinese company ByteDance, has partnered with the Sri Lanka Computer Emergency Readiness.
November 04, 2025 01:39 PM
EC: TikTok continues to be active in Albania despite government decision, cybersecurity capacities are weak
TikTok continues to be active in Albania despite the government's decision in March of this year to suspend it. This is stated in the...
November 01, 2025 03:25 AM
Criminal Organizations Infiltrating Apps Like TikTok: Cybersecurity Expert
Rex Lee, cybersecurity adviser at My Smart Privacy, discussed the psychological aspects of the TikTok app, especially its impact on young...
October 27, 2025 07:00 AM
TikTok Shares Cybersecurity Tips
With cyber scams on the increase, TikTok is looking to help raise awareness among its user community.
October 25, 2025 07:00 AM
Infected TikTok videos, billion‑ruble fraud losses and other cybersecurity developments
Infected TikTok videos, billion‑ruble fraud losses and other cybersecurity developments · Cybercriminals stole 450 million rubles from a Moscow...
October 22, 2025 07:00 AM
If a TikTok 'tech tip' tells you to paste code, it's a scam. Here's what's really happening
TikTok is being exploited as a delivery platform to spread information-stealing malware and other payloads, with free software acting as the...
October 20, 2025 06:47 PM
How to use TikTok without age verification How to watch TikTok videos without ID
TikTok is poised to start enforcing stricter age checks, depending your country's laws for social media websites. Adults are often asked to upload IDs or...
October 17, 2025 07:00 AM
Hackers Using TikTok Videos to Deploy Self-Compiling Malware That Leverages PowerShell for Execution
Hackers exploit TikTok by offering fake free software activations, tricking users into running PowerShell commands to install malware.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TikTok CyberSecurity History Information
Official Website of TikTok
The official website of TikTok is https://www.tiktok.com/about?lang=en.
TikTok’s AI-Generated Cybersecurity Score
According to Rankiteo, TikTok’s AI-generated cybersecurity score is 723, reflecting their Moderate security posture.
How many security badges does TikTok’ have ?
According to Rankiteo, TikTok currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does TikTok have SOC 2 Type 1 certification ?
According to Rankiteo, TikTok is not certified under SOC 2 Type 1.
Does TikTok have SOC 2 Type 2 certification ?
According to Rankiteo, TikTok does not hold a SOC 2 Type 2 certification.
Does TikTok comply with GDPR ?
According to Rankiteo, TikTok is not listed as GDPR compliant.
Does TikTok have PCI DSS certification ?
According to Rankiteo, TikTok does not currently maintain PCI DSS compliance.
Does TikTok comply with HIPAA ?
According to Rankiteo, TikTok is not compliant with HIPAA regulations.
Does TikTok have ISO 27001 certification ?
According to Rankiteo,TikTok is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of TikTok
TikTok operates primarily in the Entertainment Providers industry.
Number of Employees at TikTok
TikTok employs approximately 74,662 people worldwide.
Subsidiaries Owned by TikTok
TikTok presently has no subsidiaries across any sectors.
TikTok’s LinkedIn Followers
TikTok’s official LinkedIn profile has approximately 3,813,700 followers.
NAICS Classification of TikTok
TikTok is classified under the NAICS code 71, which corresponds to Arts, Entertainment, and Recreation.
TikTok’s Presence on Crunchbase
No, TikTok does not have a profile on Crunchbase.
TikTok’s Presence on LinkedIn
Yes, TikTok maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/tiktok.
Cybersecurity Incidents Involving TikTok
As of November 27, 2025, Rankiteo reports that TikTok has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
TikTok has an estimated 7,232 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at TikTok ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Vulnerability and Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: TikTok Data Security Incident
Description: TikTok suffered a data security incident after a hacker group, AgainstTheWest, gained access to an internal cloud server containing its source code and user information.
Type: Data Breach
Attack Vector: Unauthorized Access to Cloud Server
Threat Actor: AgainstTheWest
Title: Potential Ban on TikTok in the US
Description: The US Supreme Court is considering a ban on TikTok as determined by the Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA). This potential ban could lead to significant economic impact, affecting around 170 million American users, including influencers and businesses that rely on the app for income and promotion. The ruling will weigh national security risks against First Amendment rights, with implications for online expression, economic factors, and potential data privacy concerns due to the app’s Chinese ownership.
Type: Regulatory Ban
Motivation: National Security Risks
Title: Potential Ban of TikTok in the United States
Description: The potential ban of TikTok in the United States represents a significant move that could undermine the company's economic stance within the region. With over 170 million users in the US, the ban would not only cause a loss of influence and market but also affect countless influencers and businesses that rely on the app for income and promotion. While no data breach or attack is explicitly mentioned, the perception of national security threats could damage TikTok's reputation, and a forced sale or ban by PAFACA could disrupt the app's operations, creating financial and reputational consequences.
Type: Regulatory Action
Threat Actor: US Government
Motivation: National Security Concerns
Title: TikTok Operational Disruption Due to PAFACA Law
Description: TikTok faced a substantial operational disruption in the United States due to the enactment of the PAFACA law, leading to its removal from app stores and ceasing its function on millions of devices. The consequence was a ban on updates and new content, pushing users to look for alternatives like Xiaohongshu. Despite being non-operational, the app wasn't forcibly removed from phones, and users could potentially circumvent the ban. The action implicated significant implications for TikTok's market presence, affected its user base, and raised questions about compliance and corporate strategy in response to political regulations.
Type: Operational Disruption
Motivation: Legal Compliance
Title: TikTok Ban in the United States
Description: ByteDance, the parent company of TikTok, faced a significant operational loss as the app was banned in the United States. This resulted in the app's removal from major app stores and impeded its ability to function or receive updates, effectively disabling access for millions of users. The ban, driven by the Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA), while not making the app illegal, has created a substantial barrier for ByteDance's TikTok in the US market. With users flocking to alternate platforms and seeking workarounds such as VPNs, the app's future in the US remains uncertain, with the impact yet to be fully quantified.
Type: Operational Disruption
Motivation: Regulatory Compliance
Title: TikTok 2025 Breach – 428M Unique Lines
Description: A newly emerged threat actor, going by the alias “Often9,” has posted on a prominent cybercrime and database trading forum, claiming to possess 428 million unique TikTok user records.
Date Detected: 2025-05-29
Type: Data Breach
Attack Vector: Unauthorized access, possibly through internal systems or third-party database
Threat Actor: Often9
Motivation: Financial gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach TIK213327922
Data Compromised: User data, Platform statistics, Software code, Cookies, Auth tokens, Server info
Systems Affected: Internal cloud server
Incident : Regulatory Action TIK001011525
Operational Impact: Potential disruption of app operations
Revenue Loss: Potential loss of influence and market
Brand Reputation Impact: Damage to TikTok's reputation
Incident : Operational Disruption TIK000012025
Systems Affected: App Stores, User Devices
Downtime: Indefinite
Operational Impact: Significant
Brand Reputation Impact: Significant
Legal Liabilities: Potential
Incident : Operational Disruption BYT000012225
Systems Affected: TikTok App
Operational Impact: App removal from app storesDisabled access for millions of users
Incident : Data Breach TIK717053025
Data Compromised: Email addresses, Mobile phone numbers, Biography, avatar urls, and profile links, Tiktok user ids, usernames, and nicknames, Account flags like private_account, secret, verified, and ttseller status, Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are User Data, Platform Statistics, Software Code, Cookies, Auth Tokens, Server Info, , Email Addresses, Mobile Phone Numbers, Biography, Avatar Urls, And Profile Links, Tiktok User Ids, Usernames, And Nicknames, Account Flags Like Private Account, Secret, Verified, And Ttseller Status, Publicly Visible Metrics Such As Follower Counts, Following Counts, Like Counts, Video Counts, Digg Counts, And Friend Counts and .
Which entities were affected by each incident ?
Incident : Regulatory Ban TIK000011025
Entity Name: TikTok
Entity Type: Social Networking Service
Industry: Technology
Location: Global
Customers Affected: 170 million American users
Incident : Regulatory Action TIK001011525
Entity Name: TikTok
Entity Type: Social Media Platform
Industry: Technology
Location: Global
Size: Large
Customers Affected: 170 million users in the US
Incident : Operational Disruption TIK000012025
Entity Name: TikTok
Entity Type: Company
Industry: Social Media
Location: United States
Customers Affected: Millions
Incident : Operational Disruption BYT000012225
Entity Name: ByteDance
Entity Type: Company
Industry: Technology
Location: Global
Customers Affected: Millions of users
Incident : Data Breach TIK717053025
Entity Name: TikTok
Entity Type: Social Media Platform
Industry: Social Media
Customers Affected: 428000000
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach TIK213327922
Type of Data Compromised: User data, Platform statistics, Software code, Cookies, Auth tokens, Server info
Number of Records Exposed: 2 billion
Incident : Data Breach TIK717053025
Type of Data Compromised: Email addresses, Mobile phone numbers, Biography, avatar urls, and profile links, Tiktok user ids, usernames, and nicknames, Account flags like private_account, secret, verified, and ttseller status, Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts
Number of Records Exposed: 428000000
Sensitivity of Data: Medium to High
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Operational Disruption TIK000012025
Regulations Violated: PAFACA Law
Incident : Operational Disruption BYT000012225
Regulations Violated: Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA),
References
Where can I find more information about each incident ?
Incident : Data Breach TIK717053025
Source: Hackread.com
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Hackread.com.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach TIK717053025
Investigation Status: Ongoing
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Operational Disruption TIK000012025
Root Causes: Enactment of PAFACA Law
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an AgainstTheWest, US Government and Often9.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-05-29.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were user data, platform statistics, software code, cookies, auth tokens, server info, , Email addresses, Mobile phone numbers, Biography, avatar URLs, and profile links, TikTok user IDs, usernames, and nicknames, Account flags like private_account, secret, verified, and ttSeller status, Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Internal cloud server and and TikTok App.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were auth tokens, Email addresses, Account flags like private_account, secret, verified, and ttSeller status, software code, Biography, avatar URLs, and profile links, user data, Mobile phone numbers, TikTok user IDs, usernames, and nicknames, cookies, Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts, platform statistics and server info.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 2.0B.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Hackread.com.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=tiktok' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
