TSMC
Company Details
Linkedin ID:
tsmc
Website:
Employees number:
23,998
Number of followers:
770,613
NAICS:
3344
Industry Type:
Homepage:
tsmc.com
IP Addresses:
0
Company ID:
TSM_2921566
Scan Status:
In-progress
TSMC Company CyberSecurity Posture
tsmc.com
Established in 1987, TSMC is the world's first dedicated semiconductor foundry. As the founder and a leader of the Dedicated IC Foundry segment, TSMC has built its reputation by offering advanced and "More-than-Moore" wafer production processes and unparalleled manufacturing efficiency. From its inception, TSMC has consistently offered the foundry segment's leading technologies and TSMC COMPATIBLE® design services. TSMC has consistently experienced strong growth by building solid partnerships with its customers, large and small. IC suppliers from around the world trust TSMC with their manufacturing needs, thanks to its unique integration of cutting-edge process technologies, pioneering design services, manufacturing productivity and product quality. The company's total managed capacity reached above 9 million 12-inch equivalent wafers in 2015. TSMC operates three advanced 12-inch wafer fabs, four eight-inch wafer fabs, one six-inch wafer fab (fab 2) and two backend fabs (advanced backend fab 1 and 2). TSMC also manages two eight-inch fabs at wholly owned subsidiaries: WaferTech in the United States and TSMC China Company Limited. TSMC also obtains eight-inch wafer capacity from other companies in which the Company has an equity interest. TSMC is listed on the Taiwan Stock Exchange (TWSE) under ticker number 2330, and its American Depositary Shares trade on the New York Stock Exchange (NYSE) under the symbol "TSM".
TSMC A.I CyberSecurity Scoring
TSMC Risk Score (AI oriented)Between 800 and 849
TSMC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
TSMC Global Score (TPRM)XXXX
TSMC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
TSMC Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
TSMC
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The largest contract chip manufacturer in the world, Taiwan Semiconductor Manufacturing Company (TSMC), has acknowledged that a data breach occurred after being identified as a victim by the LockBit ransomware group. If the business does not comply with the gang's $70 million ransom demand, the corporation risks having data seized from it published. This company controls 60% of the global foundry market. In accordance with the Company's security rules and SOPs, TSMC promptly stopped exchanging data with the relevant supplier.
Taiwan Semiconductor Manufacturing Co.
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Taiwan prosecutors arrested six individuals suspected of stealing trade secrets from TSMC, a critical global semiconductor manufacturer. The breach involved former and current employees allegedly obtaining core technology, with investigations ongoing to determine if data was leaked to external parties. TSMC, a key supplier for companies like Nvidia and Apple, has taken disciplinary and legal actions. The incident highlights risks to national security and the competitive edge in advanced chipmaking, particularly as TSMC prepares for mass production of 2-nanometer chips. The case underscores the high stakes in semiconductor technology amid global competition.
TSMC
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The confidential code signing keys for Taiwanese PC manufacturer MSI were exposed on a darkweb leak site used by the ransomware group that attacked the firm. It claimed to have taken private keys and a framework for creating bios from the company along with the source code. The expert cautions about the potential effects of such a leak and suggests carrying out a careful examination to ascertain the extent of the leak.
TSMC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for TSMC
Incidents vs Semiconductor Manufacturing Industry Average (This Year)
TSMC has 25.0% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
TSMC has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types TSMC vs Semiconductor Manufacturing Industry Avg (This Year)
TSMC reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — TSMC (X = Date, Y = Severity)
TSMC cyber incidents detection timeline including parent company and subsidiaries
TSMC Company Subsidiaries
Established in 1987, TSMC is the world's first dedicated semiconductor foundry. As the founder and a leader of the Dedicated IC Foundry segment, TSMC has built its reputation by offering advanced and "More-than-Moore" wafer production processes and unparalleled manufacturing efficiency. From its inception, TSMC has consistently offered the foundry segment's leading technologies and TSMC COMPATIBLE® design services. TSMC has consistently experienced strong growth by building solid partnerships with its customers, large and small. IC suppliers from around the world trust TSMC with their manufacturing needs, thanks to its unique integration of cutting-edge process technologies, pioneering design services, manufacturing productivity and product quality. The company's total managed capacity reached above 9 million 12-inch equivalent wafers in 2015. TSMC operates three advanced 12-inch wafer fabs, four eight-inch wafer fabs, one six-inch wafer fab (fab 2) and two backend fabs (advanced backend fab 1 and 2). TSMC also manages two eight-inch fabs at wholly owned subsidiaries: WaferTech in the United States and TSMC China Company Limited. TSMC also obtains eight-inch wafer capacity from other companies in which the Company has an equity interest. TSMC is listed on the Taiwan Stock Exchange (TWSE) under ticker number 2330, and its American Depositary Shares trade on the New York Stock Exchange (NYSE) under the symbol "TSM".
Loading...
TSMC Similar Companies
KLA develops industry-leading equipment and services that enable innovation throughout the electronics industry. We provide advanced process control and process-enabling solutions for manufacturing wafers and reticles, integrated circuits, packaging and printed circuit boards. In close collaboration
We anticipate tomorrow’s needs—navigating a changing world by bringing together technology's brightest minds to build game-changing solutions that propel us forward. NXP Semiconductors N.V. (NASDAQ: NXPI) is the trusted partner for innovative solutions in the automotive, industrial & IoT, mobile, an
STMicroelectronics
ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life. ST’s products are found everywhere today, and together with our customers, we are enabling smarter driving and smarter factories, cities an
Lam Research
Lam Research Corp. (NASDAQ:LRCX) At Lam Research, we create equipment that drives technological advancements in the semiconductor industry. Our innovative solutions enable chipmakers to power progress in nearly all aspects of modern life, and it takes each member of our team to make it possible. A
ASML
Who are we? ASML is an innovation leader in the global semiconductor industry. We make machines that chipmakers use to mass produce microchips. Founded in 1984 in the Netherlands with just a handful of employees, we’ve now grown to over 40,000 employees, 143 nationalities and more than 60 locations
Renesas is an embedded semiconductor solution provider driven by its Purpose ‘To Make Our Lives Easier.’ As the industry’s leading expert in embedded processing with unmatched quality and system-level know-how, we have evolved to provide scalable and comprehensive semiconductor solutions for automot
Micron is an industry leader in innovative memory and storage solutions transforming how the world uses information to enrich life for all. With a relentless focus on our customers, technology leadership, and manufacturing and operational excellence, Micron delivers a rich portfolio of high-performa
Analog Devices, Inc. (NASDAQ: ADI) is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, and software technologies into solutions that help drive advancements in digitized factories, mobility, and
Applied Materials is the leader in materials engineering solutions that are at the foundation of virtually every new semiconductor and advanced display in the world. The technology we create is essential to advancing AI and accelerating the commercialization of next-generation chips. At Applied, we
.png)
TSMC CyberSecurity News
November 28, 2025 10:45 PM
Apple Eyes Intel Comeback for M-Series Chip Production by 2027
Apple is preparing to shift part of its chip production back to Intel, marking a significant pivot in its supply chain strategy.
November 25, 2025 09:17 AM
Japan's Rapidus to build cutting-edge 1.4-nm chip plant in race with TSMC
TOKYO -- Rapidus, which aims to bring production of leading-edge semiconductors back to Japan, is set to start construction on a second...
November 19, 2025 08:00 AM
Cybersecurity’s AI Battle: Doppel Takes the Lead Responding to a 300% Increase in Social Engineering Threats
Doppel, a cybersecurity company focused on AI-powered threat detection, has raised $70 million in Series C funding, pushing its valuation...
October 22, 2025 07:00 AM
Israel/Taiwan • Secrets of Taiwan-Israel cyberpact revealed - 22/10/2025
Taiwan-Israel: behind the scenes of a discreet partnership (2/2) – Behind apparent standard technological agreements, Israeli and Taiwanese...
September 25, 2025 07:00 AM
Can Synopsys and TSMC Accelerate Next-Gen Chip Design With AI?
Synopsys TSMC collaboration expands certified flows, IP, and 3DIC enablement to accelerate AI and multi-die chip design on advanced nodes.
September 04, 2025 07:00 AM
U.S. removes TSMC’s ability to freely ship supplies to China
The U.S. government reportedly revoked authorisation for Taiwan Semiconductor Manufacturing Company (TSMC) to ship chip supplies to China.
August 30, 2025 07:00 AM
Taiwan’s TSMC to market trade secrets system
TAIPEI (Taiwan News) — TSMC plans to offer its in-house trade secret registry to suppliers and partners in Europe and the US,...
August 29, 2025 07:00 AM
TSMC to launch initiative to improve trade secret protection among partners
TSMC is extending its influence beyond chipmaking by offering a trade secrets management system to suppliers, aiming to strengthen...
August 07, 2025 07:00 AM
TSMC Shares Soar 4.9% To Record After Trump Announces Tariff Exemption
TSMC, Samsung, SK Hynix and others that have invested in or plan to invest will pay no tariff, according to the president's comments.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TSMC CyberSecurity History Information
Official Website of TSMC
The official website of TSMC is http://www.tsmc.com.
TSMC’s AI-Generated Cybersecurity Score
According to Rankiteo, TSMC’s AI-generated cybersecurity score is 813, reflecting their Good security posture.
How many security badges does TSMC’ have ?
According to Rankiteo, TSMC currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does TSMC have SOC 2 Type 1 certification ?
According to Rankiteo, TSMC is not certified under SOC 2 Type 1.
Does TSMC have SOC 2 Type 2 certification ?
According to Rankiteo, TSMC does not hold a SOC 2 Type 2 certification.
Does TSMC comply with GDPR ?
According to Rankiteo, TSMC is not listed as GDPR compliant.
Does TSMC have PCI DSS certification ?
According to Rankiteo, TSMC does not currently maintain PCI DSS compliance.
Does TSMC comply with HIPAA ?
According to Rankiteo, TSMC is not compliant with HIPAA regulations.
Does TSMC have ISO 27001 certification ?
According to Rankiteo,TSMC is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of TSMC
TSMC operates primarily in the Semiconductor Manufacturing industry.
Number of Employees at TSMC
TSMC employs approximately 23,998 people worldwide.
Subsidiaries Owned by TSMC
TSMC presently has no subsidiaries across any sectors.
TSMC’s LinkedIn Followers
TSMC’s official LinkedIn profile has approximately 770,613 followers.
NAICS Classification of TSMC
TSMC is classified under the NAICS code 3344, which corresponds to Semiconductor and Other Electronic Component Manufacturing.
TSMC’s Presence on Crunchbase
No, TSMC does not have a profile on Crunchbase.
TSMC’s Presence on LinkedIn
Yes, TSMC maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/tsmc.
Cybersecurity Incidents Involving TSMC
As of December 14, 2025, Rankiteo reports that TSMC has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
TSMC has an estimated 1,271 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at TSMC ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Breach.
How does TSMC detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with stopped exchanging data with the relevant supplier, and incident response plan activated with internal investigation, and law enforcement notified with yes, and containment measures with disciplinary action, legal proceedings..
Incident Details
Can you provide details on each incident ?
Title: MSI Code Signing Keys Exposed on Darkweb
Description: The confidential code signing keys for Taiwanese PC manufacturer MSI were exposed on a darkweb leak site used by the ransomware group that attacked the firm. It claimed to have taken private keys and a framework for creating bios from the company along with the source code. The expert cautions about the potential effects of such a leak and suggests carrying out a careful examination to ascertain the extent of the leak.
Type: Data Breach
Attack Vector: Darkweb Leak
Threat Actor: Ransomware Group
Title: TSMC Data Breach by LockBit Ransomware Group
Description: Taiwan Semiconductor Manufacturing Company (TSMC), the largest contract chip manufacturer in the world, has acknowledged that a data breach occurred after being identified as a victim by the LockBit ransomware group.
Type: Ransomware
Threat Actor: LockBit ransomware group
Motivation: Financial gain
Title: Trade Secrets Theft at Taiwan Semiconductor Manufacturing Co. (TSMC)
Description: Taiwan prosecutors arrested six people suspected of stealing trade secrets from Taiwan Semiconductor Manufacturing Co. (TSMC), involving potential national security breaches. The incident includes allegations of illegal obtaining of core technology by former and current staff.
Type: Insider Threat, Trade Secret Theft
Attack Vector: Insider Access
Threat Actor: Former and Current Employees
Motivation: Financial Gain, Corporate Espionage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Insider Access.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach TSM223728523
Data Compromised: Code signing keys, Bios framework, Source code
Incident : Insider Threat, Trade Secret Theft TSM232080925
Data Compromised: Core Technology, 2-nanometer Chip Development Information
Brand Reputation Impact: Potential Damage
Legal Liabilities: Legal Proceedings Initiated
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Code Signing Keys, Bios Framework, Source Code, , Trade Secrets and Core Technology.
Which entities were affected by each incident ?
Incident : Data Breach TSM223728523
Entity Name: MSI
Entity Type: PC Manufacturer
Industry: Technology
Location: Taiwan
Incident : Ransomware TSM21112723
Entity Name: Taiwan Semiconductor Manufacturing Company (TSMC)
Entity Type: Corporation
Industry: Semiconductor Manufacturing
Location: Taiwan
Incident : Insider Threat, Trade Secret Theft TSM232080925
Entity Name: Taiwan Semiconductor Manufacturing Co. (TSMC)
Entity Type: Corporation
Industry: Semiconductor Manufacturing
Location: Taiwan
Size: Large
Incident : Insider Threat, Trade Secret Theft TSM232080925
Entity Name: Tokyo Electron Ltd.
Entity Type: Supplier
Industry: Semiconductor Equipment
Location: Taiwan (Premises)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware TSM21112723
Containment Measures: Stopped exchanging data with the relevant supplier
Incident : Insider Threat, Trade Secret Theft TSM232080925
Incident Response Plan Activated: Internal Investigation
Law Enforcement Notified: Yes
Containment Measures: Disciplinary Action, Legal Proceedings
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Internal Investigation.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach TSM223728523
Type of Data Compromised: Code signing keys, Bios framework, Source code
Incident : Insider Threat, Trade Secret Theft TSM232080925
Type of Data Compromised: Trade Secrets, Core Technology
Sensitivity of Data: High
Data Exfiltration: Suspected
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by stopped exchanging data with the relevant supplier, , disciplinary action and legal proceedings.
Ransomware Information
Was ransomware involved in any of the incidents ?
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Insider Threat, Trade Secret Theft TSM232080925
Legal Actions: Legal Proceedings Initiated
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Legal Proceedings Initiated.
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Breach TSM223728523
Recommendations: Carry out a careful examination to ascertain the extent of the leak.
References
Where can I find more information about each incident ?
Incident : Insider Threat, Trade Secret Theft TSM232080925
Source: Bloomberg
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BloombergUrl: https://www.bloomberg.com.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Insider Threat, Trade Secret Theft TSM232080925
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Insider Threat, Trade Secret Theft TSM232080925
Entry Point: Insider Access
High Value Targets: 2-nanometer Chip Development Information
Data Sold on Dark Web: 2-nanometer Chip Development Information
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Insider Threat, Trade Secret Theft TSM232080925
Root Causes: Insider Threat
Corrective Actions: Disciplinary Action, Legal Proceedings
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Disciplinary Action, Legal Proceedings.
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was $70 million.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Ransomware Group, LockBit ransomware group and Former and Current Employees.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Code Signing Keys, BIOS Framework, Source Code, , Core Technology and 2-nanometer Chip Development Information.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Stopped exchanging data with the relevant supplier, Disciplinary Action and Legal Proceedings.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Core Technology, 2-nanometer Chip Development Information, BIOS Framework, Source Code and Code Signing Keys.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $70 million.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Legal Proceedings Initiated.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Carry out a careful examination to ascertain the extent of the leak..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Bloomberg.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.bloomberg.com .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Insider Access.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.
Risk Information
cvss2
Base: 2.6
Severity: HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument stud_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=tsmc' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
