UCI Health
Company Details
Linkedin ID:
uc-irvine-medical-center
Website:
Employees number:
5,148
Number of followers:
53,944
NAICS:
62
Industry Type:
Homepage:
linktr.ee
IP Addresses:
0
Company ID:
UCI_1832229
Scan Status:
In-progress
UCI Health Company CyberSecurity Posture
linktr.ee
UCI Health is committed to providing the highest quality healthcare to Orange County and surrounding communities through its world-class physicians, surgeons and clinical staff. UCI Health is the clinical enterprise of the University of California, Irvine. UC Irvine Medical Center, the main campus in Orange, California, features Orange County’s only National Cancer Institute-designated comprehensive cancer center, high-risk perinatal/neonatal program, Level I trauma center and Level II pediatric trauma center. It is the primary teaching hospital for UCI School of Medicine. Learn more about UCI Health: ucihealth.org Job information: ucihealth.org/careers Volunteer information: ucihealth.org/volunteer
UCI Health A.I CyberSecurity Scoring
UCI Health Risk Score (AI oriented)Between 750 and 799
UCI Health
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UCI Health Global Score (TPRM)XXXX
UCI Health
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UCI Health Company CyberSecurity News & History
Past Incidents
3
Attack Types
1
UC Irvine Medical Center
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: In June 2015, the California Office of the Attorney General disclosed a data breach at the **University of California Irvine Medical Center**, where an employee improperly accessed patient records over an extended period—from **June 2011 to March 2015**. The unauthorized access exposed **personal health information (PHI)** of an **unknown number of patients**, though investigations found **no evidence of sensitive data being stolen or misused**. The breach stemmed from internal misconduct, highlighting vulnerabilities in **employee access controls and monitoring protocols**. While the exposed data included patient details, the lack of confirmed theft or external exploitation mitigated some risks. However, the prolonged duration of the breach (nearly **four years**) raised concerns about **compliance with healthcare privacy regulations (e.g., HIPAA)** and the potential for **reputational damage** due to the mishandling of confidential medical records. The incident underscored the need for stricter **audit trails, access restrictions, and employee training** to prevent similar internal breaches in healthcare institutions.
University of California, Irvine
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The University of California, Irvine experienced a data breach reported on **May 14, 2014**, involving unauthorized access to its systems. The breach occurred due to computers being infected with a **keystroke logger** between **February 14 and March 27, 2014**, which potentially compromised **personal and unencrypted medical data** of individuals. The exact number of affected individuals remains **unknown**, raising concerns about the exposure of sensitive health information. The attack method suggests a targeted intrusion aimed at harvesting confidential data, likely through malicious software designed to capture keystrokes—including login credentials, medical records, or other personally identifiable information (PII). The breach underscores vulnerabilities in the university’s cybersecurity defenses, particularly in protecting high-risk data like medical records, which are subject to strict regulatory protections (e.g., HIPAA). The incident highlights the risks of **unauthorized data access** in academic institutions handling sensitive information, with potential long-term repercussions for trust, legal compliance, and individual privacy.
UCI Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: An employee of UC Irvine Medical Center unethically viewed thousands of patient records over a four-year period. The incident compromised the personal health information including names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, of 4,859 patients . The center investigated the incident with the help of external security experts and notifies the affected patients.
UCI Health Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UCI Health
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for UCI Health in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UCI Health in 2025.
Incident Types UCI Health vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for UCI Health in 2025.
Incident History — UCI Health (X = Date, Y = Severity)
UCI Health cyber incidents detection timeline including parent company and subsidiaries
UCI Health Company Subsidiaries
UCI Health is committed to providing the highest quality healthcare to Orange County and surrounding communities through its world-class physicians, surgeons and clinical staff. UCI Health is the clinical enterprise of the University of California, Irvine. UC Irvine Medical Center, the main campus in Orange, California, features Orange County’s only National Cancer Institute-designated comprehensive cancer center, high-risk perinatal/neonatal program, Level I trauma center and Level II pediatric trauma center. It is the primary teaching hospital for UCI School of Medicine. Learn more about UCI Health: ucihealth.org Job information: ucihealth.org/careers Volunteer information: ucihealth.org/volunteer
Loading...
UCI Health Similar Companies
Ramsay Santé
After the acquisition of the Capio Group in 2018, Ramsay Santé has become Europe's leading private hospital and primary care companies. The group now has 36,000 employees and works with nearly 8,600 private practitioners. Present in 5 countries, France, Sweden, Norway, Denmark and Italy, the group
St. Luke's University Health Network
Founded in 1872, St. Luke’s University Health Network (SLUHN) is a fully integrated, regional, non-profit network of more than 23,000 employees providing services at 16 campuses and 350+ outpatient sites. With annual net revenue of $4 billion, the Network’s service area includes 11 counties in two s
Allina Health
People at Allina Health have a career of making a difference in the lives of the millions of patients we see each year at our 90+ clinics, 12 hospitals and through a wide variety of specialty care services in Minnesota and western Wisconsin. We’re a not-for-profit organization committed to enrichin
Select Medical made a commitment more than 20 years ago to deliver an exceptional patient care experience that promotes healing and recovery in a compassionate environment. We have honored that promise by helping define the nation's standard of excellence in specialized hospital and rehabilitative c
Texas Children's Hospital
Texas Children’s Hospital is a world-class pediatric facility, nationally recognized as a top children’s hospital, and voted one of the best places to work in Houston for nine years running. We’re committed to creating a healthy community for children by providing the best pediatric care possible, t
OhioHealth
OhioHealth is a nationally recognized, not-for-profit, faith-based health system of more than 35,000 associates, providers and volunteers. We lead with our mission to improve the health of those we serve throughout our 16 hospitals and 200+ urgent, primary and specialty care sites spanning 50 Ohio c
Home Instead UK
Here at Home Instead, our mission is to expand the world's capacity to care. Across the globe we care for thousands of older adults, helping them live well at home for longer. In the UK, we’re reaching more older people than ever with an expansive network of 240 independently owned and operated
Wellstar Health System
At Wellstar Health System, our mission is to enhance the health and well-being of every person we serve. Nationally ranked and locally recognized for our high-quality care, inclusive culture and world-class doctors and caregivers, Wellstar is one of the largest, most integrated healthcare systems in
Ramsay Health Care
Ramsay Health Care is a trusted provider of private hospital and healthcare services in Australia, Europe and the United Kingdom. Every year, millions of patients put their trust in Ramsay, confident in our ability to deliver safe, high-quality healthcare with outstanding clinical outcomes. We ope
.png)
UCI Health CyberSecurity News
October 14, 2025 07:00 AM
UC Spotlight: October 2025
The UC Irvine Health Orange trauma center and Regional Burn Center teams heroically stepped in after a plane crash in Fullerton,...
October 09, 2025 07:00 AM
South Korea Donates Shs 2.3bn Cancer Machines to UCI
Regular medical check-ups are critical. I urge all women to go for screening at least once every month to ensure early detection and...
July 22, 2025 07:00 AM
What physicians should consider before buying an AI product
Clinical relevance, transparency, compliance among chief considerations, says UCI Health chief medical information officer.
July 22, 2025 07:00 AM
UC Irvine probe into state data brokers raises legal and privacy concerns
UC Irvine research on companies collecting and selling personal information discovered violations of the California Consumer Privacy Act.
June 23, 2025 07:00 AM
The top 10 nonprofit health systems by 2024 operating revenue
Operating revenues popped across fiscal 2024 as many of the largest nonprofits combined strong demand with capacity increases.
May 19, 2025 07:00 AM
UC Irvine team wins National Collegiate Cyber Defense Competition
Irvine, Calif., May 19, 2025 — An eight-member team of University of California, Irvine students won first place in the recent National...
February 25, 2025 08:00 AM
Lack of AI governance poses threat to data security, new HIMSS research shows
Healthcare organizations are making progress in strengthening their security postures, but increased focus on governance and further...
February 21, 2025 08:00 AM
Riverside Cybersecurity Job Market: Trends and Growth Areas for 2025
The cybersecurity job market in Riverside is set to boom by 2025, with a projected 22% job growth. With nearly 700 unfilled positions...
February 12, 2025 08:00 AM
UC Spotlight: February 2025
Our monthly UC Spotlight celebrates the UC locations, teams and individual staff members who are helping to make UC a great place to work.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UCI Health CyberSecurity History Information
Official Website of UCI Health
The official website of UCI Health is https://linktr.ee/ucihealth.
UCI Health’s AI-Generated Cybersecurity Score
According to Rankiteo, UCI Health’s AI-generated cybersecurity score is 757, reflecting their Fair security posture.
How many security badges does UCI Health’ have ?
According to Rankiteo, UCI Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does UCI Health have SOC 2 Type 1 certification ?
According to Rankiteo, UCI Health is not certified under SOC 2 Type 1.
Does UCI Health have SOC 2 Type 2 certification ?
According to Rankiteo, UCI Health does not hold a SOC 2 Type 2 certification.
Does UCI Health comply with GDPR ?
According to Rankiteo, UCI Health is not listed as GDPR compliant.
Does UCI Health have PCI DSS certification ?
According to Rankiteo, UCI Health does not currently maintain PCI DSS compliance.
Does UCI Health comply with HIPAA ?
According to Rankiteo, UCI Health is not compliant with HIPAA regulations.
Does UCI Health have ISO 27001 certification ?
According to Rankiteo,UCI Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UCI Health
UCI Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at UCI Health
UCI Health employs approximately 5,148 people worldwide.
Subsidiaries Owned by UCI Health
UCI Health presently has no subsidiaries across any sectors.
UCI Health’s LinkedIn Followers
UCI Health’s official LinkedIn profile has approximately 53,944 followers.
NAICS Classification of UCI Health
UCI Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
UCI Health’s Presence on Crunchbase
No, UCI Health does not have a profile on Crunchbase.
UCI Health’s Presence on LinkedIn
Yes, UCI Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/uc-irvine-medical-center.
Cybersecurity Incidents Involving UCI Health
As of November 27, 2025, Rankiteo reports that UCI Health has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
UCI Health has an estimated 30,007 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UCI Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does UCI Health detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with external security experts, and communication strategy with notifies the affected patients, and communication strategy with public disclosure via california office of the attorney general..
Incident Details
Can you provide details on each incident ?
Title: Unauthorized Access to Patient Records at UC Irvine Medical Center
Description: An employee of UC Irvine Medical Center unethically viewed thousands of patient records over a four-year period. The incident compromised the personal health information including names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, of 4,859 patients.
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Insider Threat
Threat Actor: Employee
Motivation: Unethical Behavior
Title: University of California Irvine Medical Center Data Breach (2011-2015)
Description: An employee improperly accessed patient records between June 2011 and March 2015 at the University of California Irvine Medical Center. The breach potentially affected an unknown number of patients, exposing various personal health information, but no evidence was found of sensitive information being removed.
Date Detected: 2015-03-01
Date Publicly Disclosed: 2015-06-17
Type: Data Breach (Insider Threat)
Attack Vector: Insider Access Abuse
Threat Actor: Internal Employee
Motivation: Unknown (Potentially Unauthorized Curiosity or Malicious Intent)
Title: University of California, Irvine Data Breach (2014)
Description: The California Office of the Attorney General reported a data breach by the University of California, Irvine on May 14, 2014. The breach involved unauthorized access to computers infected with a keystroke logger between February 14 and March 27, 2014, potentially affecting personal information for individuals, including unencrypted medical data. The number of individuals affected is unknown.
Date Detected: 2014-03-27
Date Publicly Disclosed: 2014-05-14
Type: Data Breach
Attack Vector: Keystroke Logger (Malware)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach UCI2241522
Data Compromised: Names, Dates of birth, Gender, Medical record numbers, Height, Weight, Medical center account numbers, Allergy information, Home address, Medical documentation, Diagnoses, Test orders and results
Incident : Data Breach (Insider Threat) UC-952091725
Data Compromised: Personal health information (phi)
Brand Reputation Impact: Potential Reputational Harm (Healthcare Trust Erosion)
Identity Theft Risk: Low (No Evidence of Data Exfiltration)
Incident : Data Breach UC-013091825
Data Compromised: Personal information, Unencrypted medical data
Systems Affected: Computers
Identity Theft Risk: Potential
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Dates Of Birth, Gender, Medical Record Numbers, Height, Weight, Medical Center Account Numbers, Allergy Information, Home Address, Medical Documentation, Diagnoses, Test Orders And Results, , Personal Health Information (PHI), Personal Information, Medical Data and .
Which entities were affected by each incident ?
Incident : Data Breach UCI2241522
Entity Name: UC Irvine Medical Center
Entity Type: Hospital
Industry: Healthcare
Location: Irvine, CA
Customers Affected: 4,859 patients
Incident : Data Breach (Insider Threat) UC-952091725
Entity Name: University of California Irvine Medical Center
Entity Type: Healthcare Provider / Academic Medical Center
Industry: Healthcare
Location: Orange, California, USA
Customers Affected: Unknown (Patients)
Incident : Data Breach UC-013091825
Entity Name: University of California, Irvine
Entity Type: Educational Institution
Industry: Higher Education
Location: Irvine, California, USA
Customers Affected: Unknown
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach UCI2241522
Third Party Assistance: external security experts
Communication Strategy: notifies the affected patients
Incident : Data Breach (Insider Threat) UC-952091725
Communication Strategy: Public Disclosure via California Office of the Attorney General
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through external security experts.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UCI2241522
Type of Data Compromised: Names, Dates of birth, Gender, Medical record numbers, Height, Weight, Medical center account numbers, Allergy information, Home address, Medical documentation, Diagnoses, Test orders and results
Number of Records Exposed: 4,859
Sensitivity of Data: High
Personally Identifiable Information: namesdates of birthgendermedical record numbersheightweightmedical center account numbersallergy informationhome address
Incident : Data Breach (Insider Threat) UC-952091725
Type of Data Compromised: Personal Health Information (PHI)
Number of Records Exposed: Unknown
Sensitivity of Data: High (Health Records)
Data Exfiltration: No Evidence
Personally Identifiable Information: Likely (PHI includes PII elements)
Incident : Data Breach UC-013091825
Type of Data Compromised: Personal information, Medical data
Number of Records Exposed: Unknown
Sensitivity of Data: High (Unencrypted Medical Data)
Data Exfiltration: Potential
Data Encryption: No (Data was unencrypted)
Personally Identifiable Information: Yes
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach (Insider Threat) UC-952091725
Regulations Violated: HIPAA (Potential Violation), California Data Breach Notification Law,
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach UC-013091825
Regulatory Notifications: California Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach (Insider Threat) UC-952091725
Source: California Office of the Attorney General
Date Accessed: 2015-06-17
Incident : Data Breach UC-013091825
Source: California Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2015-06-17, and Source: California Office of the Attorney General.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach (Insider Threat) UC-952091725
Investigation Status: Completed (No Evidence of Data Theft)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through notifies the affected patients and Public Disclosure via California Office of the Attorney General.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach (Insider Threat) UC-952091725
Root Causes: Lack of Access Controls / Monitoring for Insider Threats
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as external security experts.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Employee and Internal Employee.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2015-03-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2014-05-14.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, , Personal Health Information (PHI), , Personal Information, Unencrypted Medical Data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Computers.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was external security experts.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were medical documentation, Unencrypted Medical Data, medical center account numbers, dates of birth, home address, Personal Health Information (PHI), Personal Information, allergy information, gender, medical record numbers, diagnoses, weight, height, names and test orders and results.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 4.9K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (No Evidence of Data Theft).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=uc-irvine-medical-center' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
