
Tinexta is an industrial Group that offers innovative solutions for the digital transformation and growth of companies, professionals and institutions. Listed on the Euronext STAR Milan, it is included in the European Tech Leader index as a high-growth tech company. Based in Italy and present in 9 countries from Europe to Latin America with over 2,000 employees, Tinexta is active in the strategic Digital Trust, Cyber Security and Business Innovation sectors.

TINEXTA S.P.A. A.I. CyberSecurity Scoring

TINEXTA S.P.A.

Company Details

LinkedIn ID: tinexta
Employees number: 2,198
Number of followers: 27,400
NAICS: 5415
Industry Type: IT Services and IT Consulting
Homepage: tinexta.com
IP Addresses: 0
Company ID: TIN_1842742
Scan Status: In-progress

TINEXTA S.P.A. Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I. cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

TINEXTA S.P.A. Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

TINEXTA S.P.A. Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

Entity: Tinexta InfoCert S.p.A.
Type: Vulnerability
Severity: 85
Seen: 11/2025

Rankiteo Explanation: Attack with significant impact with customers data leaks.

Description: A critical security vulnerability was discovered in **GoSign Desktop**, a widely used electronic signature solution by Tinexta InfoCert. The flaws include **disabled TLS certificate validation** and an **unverified update mechanism**, enabling attackers to intercept sensitive data (e.g., credentials, documents, authentication tokens) via man-in-the-middle (MitM) attacks or deliver malicious updates. Since GoSign Desktop is often deployed in **government agencies, enterprises, and legal workflows**—sometimes with **administrator-level privileges**—exploitation could lead to **document tampering, fraud, or legal liability**. The lack of public patches or remediation timelines from InfoCert exacerbates the risk, leaving organizations exposed unless they implement compensating controls (e.g., network isolation, migration to the SaaS version). The vulnerability undermines trust in digital signature workflows, particularly in sectors where **legally binding documents** are processed.

TINEXTA S.P.A. Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months: Incident Predictions locked (available with the Monitoring Plan)

A.I. Risk Score Likelihood 3 - 6 - 9 months: A.I. Risk Score Predictions locked (available with the Monitoring Plan)

Underwriter Stats for TINEXTA S.P.A.

Incidents vs IT Services and IT Consulting Industry Average (This Year)

TINEXTA S.P.A. has 85.19% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

TINEXTA S.P.A. has 56.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types TINEXTA S.P.A. vs IT Services and IT Consulting Industry Avg (This Year)

TINEXTA S.P.A. reported 1 incident this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — TINEXTA S.P.A. (X = Date, Y = Severity)

TINEXTA S.P.A. cyber incidents detection timeline including parent company and subsidiaries

TINEXTA S.P.A. Company Subsidiaries


TINEXTA S.P.A. Similar Companies

Accenture in India

Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Interactive, Technology and Operations services — all powered by the w

Bring teams together, reimagine workspaces, engage new audiences, and delight your customers –– all on the Zoom AI-first work platform you know and love. 💙 Zoomies help people stay connected so they can get more done together. We set out on a mission to make video communications frictionless and se

CenturyLink

CenturyLink (NYSE: CTL) is a technology leader delivering hybrid networking, cloud connectivity, and security solutions to customers around the world. Through its extensive global fiber network, CenturyLink provides secure and reliable services to meet the growing digital demands of businesses and c

TD SYNNEX

We’re TD SYNNEX (NYSE: SNX), a leading distributor and solutions aggregator for the IT ecosystem. We’re 23,000 of the IT industry’s best and brightest, who share an unwavering passion for bringing compelling technology products, services and solutions to the world. We’re an innovative partner that

Amadeus

We make the experience of travel better for everyone, everywhere by inspiring innovation, partnerships and responsibility to people, places and planet. Our technology powers the travel and tourism industry. We inspire more connected ways of thinking, centered around the traveler. Our platform c

Stefanini Brasil

Stefanini is a Brazilian multinational operating in the IT services sector. With support in more than 30 languages, Stefanini, the 5th most internationalized company according to Fundação Dom Cabral, operates in more than 35 countries and is among the 100 largest IT companies in the world (BBC News). One of the ma

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including systems integration, managed services infrastructure, cloud solutions, business applications, customer experience, and intelligent security solutions. We p

ASGN Incorporated

ASGN Incorporated (NYSE: ASGN) is a leading provider of IT services and solutions across the commercial and government sectors. ASGN helps corporate enterprises and government organizations develop, implement and operate critical IT and business solutions through its integrated offerings. For more i

We specialize in integrating technology with human intelligence, offering digital solutions that drive transformation and operational efficiency. Our focus is on generating value through real results, using digital intelligence to meet the specific needs of each client. Merg


TINEXTA S.P.A. CyberSecurity News

November 24, 2025 01:08 PM
Italy Said to Explore Cyber Hub to Protect Sensitive Assets

Italy is considering the creation of a government-backed cybersecurity entity, a project that would potentially use acquisitions to...

November 12, 2025 08:00 AM
Earnings call transcript: Tinexta Q3 2025 sees revenue growth, strategic shifts

Tinexta SpA reported significant revenue growth in its Q3 2025 earnings call, with a 13% year-over-year increase.

July 06, 2025 07:00 AM
Tinexta Infocert joins Milano Cortina

The organising committee has added the cybersecurity and business innovation company as an official supporter of the 2026 Winter Olympics.

July 01, 2021 07:00 AM
Leonardo and Tinexta to support the digitisation of national industrial processes with cyber security and digital trust

Tinexta S.p.A., a leading company in Digital Trust, Cybersecurity, Credit Information & Management and Innovation & Marketing services,...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

TINEXTA S.P.A. CyberSecurity History Information

Official Website of TINEXTA S.P.A.

The official website of TINEXTA S.P.A. is http://www.tinexta.com.

TINEXTA S.P.A.’s AI-Generated Cybersecurity Score

According to Rankiteo, TINEXTA S.P.A.’s AI-generated cybersecurity score is 751, reflecting their Fair security posture.

How many security badges does TINEXTA S.P.A. have?

According to Rankiteo, TINEXTA S.P.A. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does TINEXTA S.P.A. have SOC 2 Type 1 certification?

According to Rankiteo, TINEXTA S.P.A. is not certified under SOC 2 Type 1.

Does TINEXTA S.P.A. have SOC 2 Type 2 certification?

According to Rankiteo, TINEXTA S.P.A. does not hold a SOC 2 Type 2 certification.

Does TINEXTA S.P.A. comply with GDPR?

According to Rankiteo, TINEXTA S.P.A. is not listed as GDPR compliant.

Does TINEXTA S.P.A. have PCI DSS certification?

According to Rankiteo, TINEXTA S.P.A. does not currently maintain PCI DSS compliance.

Does TINEXTA S.P.A. comply with HIPAA?

According to Rankiteo, TINEXTA S.P.A. is not compliant with HIPAA regulations.

Does TINEXTA S.P.A. have ISO 27001 certification?

According to Rankiteo, TINEXTA S.P.A. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of TINEXTA S.P.A.

TINEXTA S.P.A. operates primarily in the IT Services and IT Consulting industry.

Number of Employees at TINEXTA S.P.A.

TINEXTA S.P.A. employs approximately 2,198 people worldwide.

Subsidiaries Owned by TINEXTA S.P.A.

TINEXTA S.P.A. presently has no subsidiaries across any sectors.

TINEXTA S.P.A.’s LinkedIn Followers

TINEXTA S.P.A.’s official LinkedIn profile has approximately 27,400 followers.

NAICS Classification of TINEXTA S.P.A.

TINEXTA S.P.A. is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.

TINEXTA S.P.A.’s Presence on Crunchbase

No, TINEXTA S.P.A. does not have a profile on Crunchbase.

TINEXTA S.P.A.’s Presence on LinkedIn

Yes, TINEXTA S.P.A. maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/tinexta.

Cybersecurity Incidents Involving TINEXTA S.P.A.

As of December 04, 2025, Rankiteo reports that TINEXTA S.P.A. has experienced 1 cybersecurity incidents.

Number of Peer and Competitor Companies

TINEXTA S.P.A. has an estimated 36,938 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at TINEXTA S.P.A.?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

How does TINEXTA S.P.A. detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through containment measures (disconnect GoSign Desktop from internet-facing services, restrict network access of the application, monitor for unexpected update activity), remediation measures (transition to the SaaS version, if feasible), network segmentation (recommended as mitigation) and enhanced monitoring (recommended for update activity).

Incident Details

Can you provide details on each incident?

Incident: Vulnerability

Title: Critical Vulnerabilities in GoSign Desktop Allow Man-in-the-Middle Attacks and Arbitrary Code Execution

Description: A significant security vulnerability has been discovered in GoSign Desktop, a widely used solution for qualified electronic signatures developed by Tinexta InfoCert S.p.A. The flaws concern improper TLS (Transport Layer Security) certificate validation and an unverified update mechanism. Together, these issues could allow attackers to intercept data or deliver malicious updates. The TLS certificate validation flaw leaves sessions vulnerable to man-in-the-middle (MitM) attacks, enabling attackers to intercept or tamper with encrypted traffic, including credentials, authentication tokens, or documents. The lack of cryptographic verification in the update mechanism allows arbitrary code execution via malicious update packages. The risk is amplified due to GoSign Desktop's widespread use in government agencies and enterprises, often with administrator-level permissions. The SaaS/web version is reportedly unaffected, but the Desktop version remains vulnerable pending patches.

Type: Vulnerability

Attack Vector: Network-based (MitM); Unverified Software Updates

Vulnerability Exploited: Improper TLS Certificate Validation (CWE-295); Unverified Update Mechanism (Lack of Code Signing)

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents as network interception (MitM) and a compromised update server.

Impact of the Incidents

What was the impact of each incident?

Incident: Vulnerability TIN4992049111725

Data Compromised: Credentials, Authentication tokens, Digitally signed documents, Sensitive business/government data

Systems Affected: GoSign Desktop (Windows/macOS/Linux - assumed)

Operational Impact: Potential fraud via manipulated digital signatures; Legal liability from compromised documents; Loss of trust in electronic signature workflows

Brand Reputation Impact: High (trust in digital signature provider eroded); Potential loss of government/enterprise contracts

Legal Liabilities: Fraudulent transactions; Regulatory non-compliance for digital signatures; Contract disputes

Identity Theft Risk: High (if credentials intercepted)

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are (potentially) Credentials, Authentication Tokens and Digitally Signed Documents.

Which entities were affected by each incident?

Incident: Vulnerability TIN4992049111725

Entity Name: Tinexta InfoCert S.p.A.

Entity Type: Private Company, Digital Signature Provider

Industry: Cybersecurity, Digital Trust Services, eIDAS Qualified Trust Service Provider

Location: Italy (HQ); European Union (operational scope)

Customers Affected: Public administrations, Businesses, Professionals using GoSign Desktop

Response to the Incidents

What measures were taken in response to each incident?

Incident: Vulnerability TIN4992049111725

Containment Measures: Disconnect GoSign Desktop from internet-facing services; Restrict network access of the application; Monitor for unexpected update activity

Remediation Measures: Transition to SaaS version (if feasible)

Network Segmentation: Recommended as mitigation

Enhanced Monitoring: Recommended for update activity

Data Breach Information

What type of data was compromised in each breach?

Incident: Vulnerability TIN4992049111725

Type of Data Compromised: Potential: credentials, authentication tokens, digitally signed documents

Sensitivity of Data: High (legally binding digital signatures); Confidential business/government documents

Data Exfiltration: Possible via MitM attacks

Data Encryption: TLS encryption bypassed due to validation flaw

File Types Exposed: Digital signature files; PDF/Document formats (assumed)

Personally Identifiable Information: Potential (if documents contain PII)

What measures does the company take to prevent data exfiltration?

Prevention of Data Exfiltration: The company takes the following measure to prevent data exfiltration: transition to the SaaS version (if feasible).

How does the company handle incidents involving personally identifiable information (PII)?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by disconnecting GoSign Desktop from internet-facing services, restricting network access of the application and monitoring for unexpected update activity.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident?

Incident: Vulnerability TIN4992049111725

Regulations Violated: Potential: eIDAS Regulation (EU No 910/2014), Local data protection laws (if PII exposed)

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident: Vulnerability TIN4992049111725

Lessons Learned: Critical importance of TLS certificate validation in security-sensitive applications; Mandatory code signing for software updates, especially in high-trust contexts; Need for transparent vulnerability disclosure and patch timelines; Risks of desktop applications in regulated workflows (vs. SaaS alternatives)

What recommendations were made to prevent future incidents?

Incident: Vulnerability TIN4992049111725

Recommendations: Immediate: Isolate GoSign Desktop from untrusted networks; Short-term: Migrate to SaaS version (QC2-certified) where possible; Long-term: Implement rigorous code signing and TLS validation in development lifecycle; Policy: Require third-party audits for electronic signature software; Architectural: Prefer zero-trust models for high-value document workflows

What are the key lessons learned from past incidents?

Key Lessons Learned: The key lessons learned from past incidents are: Critical importance of TLS certificate validation in security-sensitive applications; Mandatory code signing for software updates, especially in high-trust contexts; Need for transparent vulnerability disclosure and patch timelines; Risks of desktop applications in regulated workflows (vs. SaaS alternatives).

References

Where can I find more information about each incident?

Incident: Vulnerability TIN4992049111725

Source: Security Research Report (unspecified)

Source: eIDAS Regulation (EU No 910/2014)
URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32014R0910

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the Security Research Report (unspecified) and in the eIDAS Regulation (EU No 910/2014), URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32014R0910.

Investigation Status

What is the current status of the investigation for each incident?

Incident : Vulnerability TIN4992049111725

Investigation Status: Ongoing (no public patch timeline from vendor)

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident?

Incident: Vulnerability TIN4992049111725

Stakeholder Advisories: Recommended: Notify all GoSign Desktop users of risks; Coordinate with legal teams on signature validity.

Customer Advisories: Urgent: Avoid using GoSign Desktop until patched; Verify all digitally signed documents created during vulnerability window.

What advisories does the company provide to stakeholders and customers following an incident?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Recommended: Notify all GoSign Desktop users of risks; Coordinate with legal teams on signature validity; Urgent: Avoid using GoSign Desktop until patched; Verify all digitally signed documents created during vulnerability window.

Initial Access Broker

How did the initial access broker gain entry for each incident?

Incident: Vulnerability TIN4992049111725

Entry Point: Network Interception (MitM), Compromised Update Server

Backdoors Established: Potential via malicious updates

High Value Targets: Digitally Signed Contracts, Government/Legal Documents, Financial Approvals

Data Sold on Dark Web: Digitally Signed Contracts, Government/Legal Documents, Financial Approvals

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident: Vulnerability TIN4992049111725

Root Causes: Lack of TLS certificate validation in network communications; Absence of cryptographic verification for software updates; Insufficient secure coding practices for a high-trust application; Delayed public disclosure and patching process

Corrective Actions: Implement proper TLS certificate validation (RFC 5280 compliance); Enforce code signing for all update packages; Conduct third-party security audit of GoSign Desktop; Establish transparent vulnerability management process

What is the company's process for conducting post-incident analysis?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: enhanced monitoring recommended for update activity.

What corrective actions has the company taken based on post-incident analysis?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implement proper TLS certificate validation (RFC 5280 compliance); Enforce code signing for all update packages; Conduct third-party security audit of GoSign Desktop; Establish transparent vulnerability management process.

Additional Questions

Impact of the Incidents

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised in an incident were Credentials, Authentication Tokens, Digitally Signed Documents and Sensitive Business/Government Data.

What was the most significant system affected in an incident?

Most Significant System Affected: The most significant system affected in an incident was GoSign Desktop (Windows/macOS/Linux - assumed).

Response to the Incidents

What containment measures were taken in the most recent incident?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: Disconnect GoSign Desktop from internet-facing services; Restrict network access of the application; Monitor for unexpected update activity.

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Authentication Tokens, Sensitive Business/Government Data, Credentials and Digitally Signed Documents.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Risks of desktop applications in regulated workflows (vs. SaaS alternatives).

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Long-term: Implement rigorous code signing and TLS validation in development lifecycle, Architectural: Prefer zero-trust models for high-value document workflows, Short-term: Migrate to SaaS version (QC2-certified) where possible, Immediate: Isolate GoSign Desktop from untrusted networks and Policy: Require third-party audits for electronic signature software.

References

What is the most recent source of information about an incident?

Most Recent Sources: The most recent sources of information about an incident are the eIDAS Regulation (EU No 910/2014) and a Security Research Report (unspecified).

What is the most recent URL for additional resources on cybersecurity best practices?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32014R0910.

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (no public patch timeline from vendor).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: Recommended: Notify all GoSign Desktop users of risks; Coordinate with legal teams on signature validity.

What was the most recent customer advisory issued?

Most Recent Customer Advisory: The most recent customer advisory issued was: Urgent: Avoid using GoSign Desktop until patched; Verify all digitally signed documents created during vulnerability window.

Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information (CVSS v3.1): Base 6.4, Severity HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information (CVSS v4.0): Base 9.9, Severity LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information (CVSS v4.0): Base 5.5, Severity LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=tinexta' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.