
The mission of the United States Air Force is to fly, fight and win … in air, space and cyberspace. To achieve that mission, the Air Force has a vision of Global Vigilance, Reach and Power. That vision orbits around three core competencies: developing Airmen, technology to war fighting and integrating operations. These core competencies make our six distinctive capabilities possible. Air and Space Superiority: With it, joint forces can dominate enemy operations in all dimensions: land, sea, air and space. Global Attack: Because of technological advances, the Air Force can attack anywhere, anytime and do so quickly and with greater precision than ever before. Rapid Global Mobility: Being able to respond quickly and decisively anywhere we're needed is key to maintaining rapid global mobility. Precision Engagement: The essence lies in the ability to apply selective force against specific targets because the nature and variety of future contingencies demand both precise and reliable use of military power with minimal risk and collateral damage. Information Superiority: The ability of joint force commanders to keep pace with information and incorporate it into a campaign plan is crucial. Agile Combat Support: Deployment and sustainment are keys to successful operations and cannot be separated. Agile combat support applies to all forces, from those permanently based to contingency buildups to expeditionary

United States Air Force A.I CyberSecurity Scoring

USAF

Company Details

LinkedIn ID: united-states-air-force
Employees number: 237,826
Number of followers: 753,336
NAICS: 336414
Industry Type: Defense and Space Manufacturing
Homepage: airforce.com
IP Addresses: 0
Company ID: UNI_2710140
Scan Status: In-progress

USAF Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

USAF Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

USAF Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 3

US Air Force
Breach
Severity: 100
Impact: 5
Seen: 10/2025
Rankiteo Explanation
Attack threatening the organization's existence

Description: The US Air Force is investigating a critical data breach involving the exposure of **Personally Identifiable Information (PII)** and **Protected Health Information (PHI)** due to vulnerabilities in **Microsoft SharePoint**. The breach, linked to **Chinese-affiliated hacking groups (Linen Typhoon, Violet Typhoon, Storm-2603)**, exploited authentication bypass and remote code execution flaws, enabling unauthorized access to sensitive data, including **MachineKey information**. As a precaution, the Air Force blocked all SharePoint access across its systems, with potential extensions to **Microsoft Teams and Power BI dashboards** due to their integration with SharePoint. The incident follows a broader pattern of state-sponsored cyberattacks targeting US federal agencies, raising concerns over national security and data integrity. The breach’s full scope remains under investigation by **Microsoft and US authorities**, with suspicions also directed toward **Russian state-sponsored actors** given historical precedents. The exposed data includes highly sensitive military personnel records, posing risks of identity theft, espionage, or operational disruptions.

U.S. Air Force
Cyber Attack
Severity: 100
Impact:
Seen: 6/2025
Rankiteo Explanation
Attack threatening the organization's existence: Attack which stops a factory

Description: The U.S. Air Force experienced significant disruption due to coordinated DDoS attacks orchestrated by pro-Iranian hacktivist groups following geopolitical tensions. These attacks, executed by groups like Mr Hamza and Keymous+, targeted military domains and resulted in sustained downtime over 10-hour periods. The Department of Homeland Security issued warnings about potential low-level and sophisticated attacks, highlighting the persistent threat to national cybersecurity infrastructure.

United States Air Force
Data Leak
Severity: 85
Impact: 3
Seen: 03/2017
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Thousands of US Air Force records, including highly private personnel data on senior and high-ranking commanders, were exposed due to an unprotected backup disc. The compromised data includes personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess "top secret" clearance and access to sensitive compartmented information and codeword-level clearance. The internet-connected backup drive's lack of a password made the gigabytes of files accessible to everyone, according to security researchers.


Underwriter Stats for USAF

Incidents vs Defense and Space Manufacturing Industry Average (This Year)

United States Air Force has 173.97% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

United States Air Force has 156.41% more incidents than the average of all companies with at least one recorded incident.

Incident Types USAF vs Defense and Space Manufacturing Industry Avg (This Year)

United States Air Force reported 2 incidents this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — USAF (X = Date, Y = Severity)

USAF cyber incidents detection timeline including parent company and subsidiaries


USAF Similar Companies

UK Ministry of Defence

We protect the security, independence and interests of the United Kingdom at home and abroad. We work with our allies and partners whenever possible. Our aim is to ensure that the UK’s Armed Forces have the training, equipment and support necessary for their work, and that we keep within budget.

Lockheed Martin

The world relies on what we do. Headquartered in Bethesda, Maryland, with offices across the U.S. and around the globe, our team delivers solutions that strengthen national security, shape industries and push engineering and technology to new levels. We collaborate to win. We put our customers fi

L3 Technologies

With headquarters in New York City and approximately 31,000 employees worldwide, L3 develops advanced defense technologies and commercial solutions in pilot training, aviation security, night vision and EO/IR, weapons, maritime systems and space. The company reported 2018 sales of $10.2 billion. To

Leonardo

Leonardo is a global security company that realises multi-domain technological capabilities in AD&S. With over 53,000 employees worldwide, the company has a significant industrial presence in Italy, the UK, Poland, and the US. It also has a commercial presence in 150 countries through subsidiaries

BAE Systems

At BAE Systems, we help our customers to stay a step ahead when protecting people and national security, critical infrastructure and vital information. We provide some of the world’s most advanced, technology-led defence, aerospace and security solutions and employ a skilled workforce of 107,000 peo

V2X Inc

V2X is a leading provider of critical mission solutions and support to defense clients globally, formed by the 2022 Merger of Vectrus and Vertex to build on more than 120 combined years of successful mission support. We deliver a comprehensive suite of integrated solutions across the operations and

NAVAL GROUP

As an international naval defence player, Naval Group is a partner for countries seeking to maintain control of their maritime sovereignty. Naval Group develops innovative solutions to meet its customers’ requirements. The group is present throughout the entire life cycle of vessels. It designs, pro

General Atomics

The freedom to explore. The promise to deliver. General Atomics, based in San Diego, CA, develops advanced technology solutions for government and commercial applications. Privately owned and vertically integrated, we have the freedom to invest in the most innovative technologies, and the resource

Republic of Korea Air Force

The Republic of Korea Air Force (ROKAF; Korean: 대한민국 공군; Hanja: 大韓民國 空軍; Revised Romanization: Daehanminguk Gong-gun), also known as the ROK Air Force, is the aerial warfare service branch of South Korea, operating under the South Korean Ministry of National Defense. The ROKAF has about 450 combat


USAF CyberSecurity News

December 11, 2025 11:39 AM
Qryptonic Announces Leadership Team and Unveils Quantum-Ready Cryptographic Platforms for Cybersecurity

MIAMI, Dec. 11, 2025 /PRNewswire/ -- Qryptonic LLC today disclosed the nine senior leaders and advisors shaping its Q-Scout cryptographic...

November 23, 2025 08:00 AM
Commercial space flight, cybersecurity industry leaders hope to prompt government investment

Space travel and cyber warfare may have once been confined to novels and movie screens, but for state leaders, those concepts are now less...

November 05, 2025 08:00 AM
The race to defend satellites from cyberattacks

A small satellite named Deloitte-1 is hunting for hackers in orbit. Launched in March, it's the first of nine spacecraft the consulting firm...

October 20, 2025 07:00 AM
China accuses US of cyberattacks after alleged NSA hack

China has blamed the US for a "major cyberattack" against its National Time Service Center, alleging it could have disrupted the country's...

October 16, 2025 07:00 AM
Angelo State University Wins Air Force Grant for Cybersecurity Research

Mathematicians at Angelo State University are studying a process called “skew zero forcing," which involves new ways of modeling and...

October 01, 2025 07:00 AM
Air Force admits SharePoint privacy issue as reports trickle out of possible breach

Exclusive The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and...

September 25, 2025 07:00 AM
MD Fighter Jets Deactivated, Airmen Transition To Cybersecurity

Fighter jets will no longer fly out of Martin State Airport in Middle River. The MD National Guard unit will transition to cybersecurity.

September 24, 2025 07:00 AM
Top gun: Air Force Flight Chief Ray Magden pursues a cybersecurity degree online

Follow Air Force Master Sergeant Ray Magden's path from military service to cybersecurity through Boise State's flexible online degree...

September 16, 2025 01:58 AM
Commission on U.S. Cyber Force Generation

The CSIS Commission on U.S. Cyber Force Generation will convene leading experts to examine how the United States can best build a dedicated cyber service.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

USAF CyberSecurity History Information

Official Website of United States Air Force

The official website of United States Air Force is http://www.airforce.com.

United States Air Force’s AI-Generated Cybersecurity Score

According to Rankiteo, United States Air Force’s AI-generated cybersecurity score is 759, reflecting their Fair security posture.

How many security badges does United States Air Force have ?

According to Rankiteo, United States Air Force currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does United States Air Force have SOC 2 Type 1 certification ?

According to Rankiteo, United States Air Force is not certified under SOC 2 Type 1.

Does United States Air Force have SOC 2 Type 2 certification ?

According to Rankiteo, United States Air Force does not hold a SOC 2 Type 2 certification.

Does United States Air Force comply with GDPR ?

According to Rankiteo, United States Air Force is not listed as GDPR compliant.

Does United States Air Force have PCI DSS certification ?

According to Rankiteo, United States Air Force does not currently maintain PCI DSS compliance.

Does United States Air Force comply with HIPAA ?

According to Rankiteo, United States Air Force is not compliant with HIPAA regulations.

Does United States Air Force have ISO 27001 certification ?

According to Rankiteo, United States Air Force is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of United States Air Force

United States Air Force operates primarily in the Defense and Space Manufacturing industry.

Number of Employees at United States Air Force

United States Air Force employs approximately 237,826 people worldwide.

Subsidiaries Owned by United States Air Force

United States Air Force presently has no subsidiaries across any sectors.

United States Air Force’s LinkedIn Followers

United States Air Force’s official LinkedIn profile has approximately 753,336 followers.

NAICS Classification of United States Air Force

United States Air Force is classified under the NAICS code 336414, which corresponds to Guided Missile and Space Vehicle Manufacturing.

United States Air Force’s Presence on Crunchbase

No, United States Air Force does not have a profile on Crunchbase.

United States Air Force’s Presence on LinkedIn

Yes, United States Air Force maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/united-states-air-force.

Cybersecurity Incidents Involving United States Air Force

As of December 14, 2025, Rankiteo reports that United States Air Force has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

United States Air Force has an estimated 2,359 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at United States Air Force ?

Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Cyber Attack and Breach.

How does United States Air Force detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Microsoft; containment measures (an Air Force-wide block of SharePoint and a potential block of Microsoft Teams and Power BI); and a communication strategy of a data breach notification issued via social media by the Air Force Personnel Center Directorate of Technology and Information.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: US Air Force Data Exposure

Description: Thousands of US Air Force records, including highly private personnel data on senior and high-ranking commanders, were exposed due to an unprotected backup disc.

Type: Data Breach

Attack Vector: Unprotected Backup Drive

Vulnerability Exploited: Lack of Password Protection

Incident : DDoS Attack

Title: Coordinated DDoS Attacks by Pro-Iranian Hacktivist Groups

Description: Multiple pro-Iranian hacktivist groups launched coordinated distributed denial-of-service (DDoS) attacks against American military domains, aerospace companies, and financial institutions following U.S. airstrikes on Iranian nuclear facilities on June 21, 2025.

Date Detected: 2025-06-21

Date Publicly Disclosed: 2025-06-22

Type: DDoS Attack

Attack Vector: Volumetric DDoS Attacks

Threat Actor: Mr Hamza, Team 313, Cyber Jihad Movement, Keymous+

Motivation: Geopolitical retaliation and disruption

Incident : Data Breach

Title: US Air Force SharePoint Breach Exposing PII and PHI

Description: The US Air Force is investigating a data breach caused by a Microsoft SharePoint vulnerability, exposing Personally Identifiable Information (PII) and Protected Health Information (PHI). Chinese-linked hacking groups (Linen Typhoon, Violet Typhoon, and Storm-2603) exploited SharePoint flaws for authentication bypass and remote code execution, leading to data theft, including MachineKey information. The breach prompted an Air Force-wide block of SharePoint, Microsoft Teams, and Power BI dashboards to mitigate risks. The incident is under active investigation by Microsoft and US authorities, with suspicions primarily directed at Chinese state-sponsored actors, though Russian groups are also considered potential culprits.

Date Publicly Disclosed: 2025-07

Type: Data Breach

Attack Vector: Authentication Bypass, Remote Code Execution (RCE)

Vulnerability Exploited: Microsoft SharePoint Server Vulnerabilities (On-Premises)

Threat Actor: Linen Typhoon (Chinese-affiliated), Violet Typhoon (Chinese-affiliated), Storm-2603 (Chinese-affiliated)

Motivation: Espionage, Data Theft

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Exploited SharePoint vulnerabilities (authentication bypass and RCE).

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach UNI01829722

Data Compromised: Personal information, Ranks, Social security numbers, Security clearance levels

Incident : DDoS Attack UNI526062525

Systems Affected: U.S. Air Force domains, Aerospace and defense contractors, Banking institutions

Downtime: Sustained 10-hour periods on June 22 (Mr Hamza), Concentrated one-hour periods (Keymous+)

Operational Impact: Service unavailability

Incident : Data Breach UNI2432224100425

Data Compromised: Personally Identifiable Information (PII), Protected Health Information (PHI), MachineKey information

Systems Affected: Microsoft SharePoint (Air Force-wide), Microsoft Teams (potentially blocked), Power BI Dashboards (potentially blocked)

Operational Impact: Air Force-wide block of SharePoint, Teams, and Power BI; Disruption to workflows and collaboration tools

Brand Reputation Impact: Potential erosion of trust in US Air Force cybersecurity; Scrutiny of Microsoft's security practices

Identity Theft Risk: High (due to PII exposure)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Social Security Numbers, Security Clearance Levels, Personally Identifiable Information (PII), Protected Health Information (PHI) and MachineKey Information.

Which entities were affected by each incident ?

Incident : Data Breach UNI01829722

Entity Name: US Air Force

Entity Type: Military

Industry: Defense

Location: United States

Incident : DDoS Attack UNI526062525

Entity Type: Military, Aerospace, Financial

Industry: Defense, Aerospace, Finance

Location: United States

Incident : Data Breach UNI2432224100425

Entity Name: United States Air Force (USAF)

Entity Type: Government/Military

Industry: Defense

Location: United States

Incident : Data Breach UNI2432224100425

Entity Name: At least two unnamed US federal agencies

Entity Type: Government

Location: United States

Incident : Data Breach UNI2432224100425

Entity Name: Numerous global organizations (unspecified)

Location: Global

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach UNI2432224100425

Incident Response Plan Activated: True

Third Party Assistance: Microsoft.

Containment Measures: Air Force-wide block of SharePoint, Potential block of Microsoft Teams and Power BI

Communication Strategy: Data breach notification issued via social media by Air Force Personnel Center Directorate of Technology and Information

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Microsoft.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach UNI01829722

Type of Data Compromised: Personal information, Social security numbers, Security clearance levels

Number of Records Exposed: 4000

Sensitivity of Data: High

Incident : Data Breach UNI2432224100425

Type of Data Compromised: Personally Identifiable Information (PII), Protected Health Information (PHI), MachineKey information

Sensitivity of Data: High

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through an Air Force-wide block of SharePoint and a potential block of Microsoft Teams and Power BI.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach UNI2432224100425

Data Exfiltration: True

References

Where can I find more information about each incident ?

Incident : DDoS Attack UNI526062525

Source: Cyble

Incident : Data Breach UNI2432224100425

Source: The Register

Incident : Data Breach UNI2432224100425

Source: Microsoft (July 2025 confirmation of SharePoint exploits by Chinese groups)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at Cyble, The Register, and Microsoft (July 2025 confirmation of SharePoint exploits by Chinese groups).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach UNI2432224100425

Investigation Status: Ongoing (by Microsoft and US authorities)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Data Breach Notification Issued Via Social Media By Air Force Personnel Center Directorate Of Technology And Information.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach UNI2432224100425

Stakeholder Advisories: Air Force Personnel Center Directorate Of Technology And Information Notification.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisory to stakeholders and customers following an incident: Air Force Personnel Center Directorate of Technology and Information notification.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach UNI2432224100425

Entry Point: Exploited SharePoint Vulnerabilities (Authentication Bypass, RCE)

High Value Targets: US Air Force PII/PHI, MachineKey Information

Data Sold on Dark Web: US Air Force PII/PHI, MachineKey Information

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach UNI2432224100425

Root Causes: Vulnerabilities in On-Premises SharePoint Servers, Potential Lapses in Microsoft's Cybersecurity Practices

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Microsoft.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were Mr Hamza, Team 313, Cyber Jihad Movement, Keymous+ and Linen Typhoon (Chinese-affiliated), Violet Typhoon (Chinese-affiliated), Storm-2603 (Chinese-affiliated).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-06-21.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, Ranks, Social Security Numbers, Security Clearance Levels, Personally Identifiable Information (PII), Protected Health Information (PHI) and MachineKey Information.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were U.S. Air Force domains, aerospace and defense contractors, and banking institutions; and Microsoft SharePoint (Air Force-wide), Microsoft Teams (potentially blocked), and Power BI Dashboards (potentially blocked).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Microsoft.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were an Air Force-wide block of SharePoint and a potential block of Microsoft Teams and Power BI.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Protected Health Information (PHI), Personally Identifiable Information (PII), Security Clearance Levels, Ranks, Social Security Numbers, MachineKey Information and Personal Information.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 400.0.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Microsoft (July 2025 confirmation of SharePoint exploits by Chinese groups), The Register and Cyble.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (by Microsoft and US authorities).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was the Air Force Personnel Center Directorate of Technology and Information notification.


Latest Global CVEs (Not Company-Specific)

Description

A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of a weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.

Risk Information
cvss2
Base: 2.6
Severity: HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. Manipulation of the argument stud_id causes SQL injection. The attack can be carried out remotely. The exploit has been made available to the public and could be exploited.

Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in SQL injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=united-states-air-force' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.