UnitedHealthcare
Company Details
Linkedin ID:
unitedhealthcare
Website:
Employees number:
15,794
Number of followers:
591,465
NAICS:
62
Industry Type:
Homepage:
uhc.com
IP Addresses:
0
Company ID:
UNI_2144909
Scan Status:
In-progress
UnitedHealthcare Company CyberSecurity Posture
uhc.com
When it comes to your health, everything matters. That’s why UnitedHealthcare is helping people live healthier lives and making the health system work better for everyone. Our health plans are there for you in moments big and small, delivering a simple experience, affordable coverage, and supportive care. At UnitedHealthcare, part of the UnitedHealth Group family of businesses, we are working to create a system that is connected, aligned and more affordable for all involved; one that delivers high quality care, responsive to the needs of each person and the communities in which they live. With connections to more than 1.3 million physicians and care professionals and 6,500 hospitals and care facilities across the globe, we can collaborate in new ways to improve patient care while providing customizable and comprehensive solutions in any marketplace, anywhere. Our Values Integrity: Honor commitments. Never compromise ethics. Compassion: Walk in the shoes of the people we serve and those with whom we work. Relationships: Build trust through collaboration. Innovation: Invent the future. Learn from the past. Performance: Demonstrate excellence in everything we do. For more information about UnitedHealthcare, click here: https://www.uhc.com/ For information about careers at UnitedHealthcare, click here: https://www.workatuhc.com
UnitedHealthcare A.I CyberSecurity Scoring
UnitedHealthcare Risk Score (AI oriented)Between 650 and 699
UnitedHealthcare
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UnitedHealthcare Global Score (TPRM)XXXX
UnitedHealthcare
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UnitedHealthcare Company CyberSecurity News & History
Past Incidents
6
Attack Types
3
UnitedHealthcare
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported that UnitedHealthcare experienced a data breach affecting individuals' health information. The breach was detected on December 29, 2022, and it involved unauthorized access to the UHC broker portal, affecting information from December 1, 2022, to January 25, 2023. The breach potentially exposed first and last names, member ID numbers, plan effective dates, and other plan-related information, but not Social Security numbers or financial account information.
UnitedHealthcare
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On January 28, 2013, the California Office of the Attorney General reported a data breach involving RR Donnelley, which included the theft of an unencrypted computer containing personal information of UnitedHealthcare members. The specific date of the breach is unknown, but it occurred sometime between the second half of September and the end of November 2012. The information potentially compromised includes names, addresses, and Social Security numbers, and approximately 2003 health benefit plan members were affected.
UnitedHealthcare
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The CEO of UnitedHealthcare, Brian Thompson, was tragically shot and killed in New York City. The suspected shooter, Luigi Mangione, was arrested shortly thereafter. Police found evidence suggesting motivations related to healthcare system criticisms. Bullet casings at the scene had words inscribed that imply dissatisfaction with health insurance coverage processes. Authorities also found a manifesto carried by Mangione that condemned healthcare companies for prioritizing profits over care. This event has led to a significant impact on UnitedHealthcare’s reputation, with potential financial implications due to the loss of its CEO and the adverse publicity surrounding the circumstances of his death.
UnitedHealthcare
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The company experienced a data breach after filing official documents with the Attorney General of Texas. The breach resulted in the names, addresses, health insurance information, and medical information being compromised. Leaked healthcare data was indeed protected healthcare information. They had sufficient information about a patient to carry out healthcare identity fraud.
UnitedHealthcare
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The CEO of UnitedHealthcare, Brian Thompson, was fatally shot in an incident involving Luigi Mangione, who was arrested in Pennsylvania. The shooter allegedly left behind bullet casings with words indicating a protest against healthcare insurance claim denials. The perpetrator carried a manifesto critical of healthcare companies' focus on profits over patient care. The case has drawn significant media attention, impacting the company’s reputation and possibly causing a financial setback due to concerns over the safety of its executives, potential legal issues, and the necessity for increased security measures.
UnitedHealthcare
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Washington State Office of the Attorney General reported a data breach involving UnitedHealthcare on August 25, 2023. The breach, which was a ransomware attack discovered on April 17, 2023, affected approximately 1,025 Washington residents and involved compromised information including names, Social Security numbers, dates of birth, health insurance information, and medical information.
UnitedHealthcare Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UnitedHealthcare
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for UnitedHealthcare in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UnitedHealthcare in 2025.
Incident Types UnitedHealthcare vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for UnitedHealthcare in 2025.
Incident History — UnitedHealthcare (X = Date, Y = Severity)
UnitedHealthcare cyber incidents detection timeline including parent company and subsidiaries
UnitedHealthcare Company Subsidiaries
When it comes to your health, everything matters. That’s why UnitedHealthcare is helping people live healthier lives and making the health system work better for everyone. Our health plans are there for you in moments big and small, delivering a simple experience, affordable coverage, and supportive care. At UnitedHealthcare, part of the UnitedHealth Group family of businesses, we are working to create a system that is connected, aligned and more affordable for all involved; one that delivers high quality care, responsive to the needs of each person and the communities in which they live. With connections to more than 1.3 million physicians and care professionals and 6,500 hospitals and care facilities across the globe, we can collaborate in new ways to improve patient care while providing customizable and comprehensive solutions in any marketplace, anywhere. Our Values Integrity: Honor commitments. Never compromise ethics. Compassion: Walk in the shoes of the people we serve and those with whom we work. Relationships: Build trust through collaboration. Innovation: Invent the future. Learn from the past. Performance: Demonstrate excellence in everything we do. For more information about UnitedHealthcare, click here: https://www.uhc.com/ For information about careers at UnitedHealthcare, click here: https://www.workatuhc.com
Loading...
UnitedHealthcare Similar Companies
The International SOS Group of Companies has been in the business of saving lives for over 40 years. Protecting global workforces from health and security threats, we deliver customised health, security risk management and wellbeing solutions to fuel our clients’ growth and productivity. In the even
Baptist Health
Baptist Health South Florida is the largest healthcare organization in the region, with 12 hospitals, more than 28,000 employees, 4,500 physicians and 200 outpatient centers, urgent care facilities and physician practices spanning Miami-Dade, Monroe, Broward and Palm Beach counties. Baptist Health S
Care You Can Count On Whether you are searching for your next career opportunity or looking for care for yourself or a family member, you’ll find what you need at Scripps. Founded in 1924 by philanthropist Ellen Browning Scripps, Scripps is a non-profit integrated health care delivery system based
Sharp HealthCare is a not-for-profit health care system based in San Diego, California, with four acute care hospitals, three specialty hospitals, three medical groups and a health plan. We provide medical services in virtually all fields of medicine, including primary care, heart care, cancer, orth
Oregon Health & Science University
At OHSU, we deliver breakthroughs for better health. We're driven by the belief that better health starts with innovations in the lab, in the classroom, at the bedside and in our communities. From cancer to Alzheimer's to cardiovascular care, we collaborate every day to identify and deliver new wa
Memorial Healthcare System
Be at the heart of exceptional care. Team MHS Florida is an award-winning group of friends and colleagues at one of the largest not-for-profit health systems in the nation. We're 17,000 strong, advancing towards a brighter future together. We're passionate about the work we do, delivering deep, pe
Since its start in 1855 as the nation's first hospital devoted exclusively to caring for children, The Children's Hospital of Philadelphia has been the birthplace for many dramatic firsts in pediatric medicine. The Hospital has fostered medical discoveries and innovations that have improved pediatri
Fairview Health Services
Fairview Health Services is Minnesota’s choice for healthcare. We’re an industry-leading, award-winning, nonprofit offering a full network of healthcare services. Our broad network is designed to be ready for our patients’ every need, while delivering quality care with compassion. Our care portfoli
Dr. Sulaiman Al Habib Medical Group
Leading Private Healthcare Provider in the Middle East With a vision to be the most trusted healthcare provider in medical excellence and patient experience globally, Dr. Sulaiman Al-Habib Medical Group (HMG) has become the largest provider of comprehensive healthcare services in the Middle East. A
.png)
UnitedHealthcare CyberSecurity News
September 19, 2025 07:00 AM
UnitedHealth Group Under Siege: DOJ Probes and Cyberattack Aftermath Shake Healthcare Giant
UnitedHealth Group (NYSE: UNH), a dominant force in the U.S. healthcare landscape, is currently embroiled in an unprecedented storm of...
August 08, 2025 07:00 AM
Senators Demand Answers from UnitedHealth After Second Massive Data Breach in a Year
Two U.S. senators have written to UnitedHealth Group (UHG) CEO Stephen J. Hemsley demanding answers about cybersecurity and the response to...
August 06, 2025 07:00 AM
Change Healthcare Increases Ransomware Victim Count to 192.7 Million Individuals
UnitedHealth Group has adopted an aggressive approach to recover outstanding balances on loans issued to healthcare providers affected by the February 2024...
August 06, 2025 07:00 AM
Senators criticize UnitedHealth Group's cybersecurity after Episource breach
The latest Episource breach, they said, raises questions about the company's commitment to securing personal health information. The senators...
August 06, 2025 07:00 AM
It’s official: Breach of Change Healthcare impacted 193M people
The number is almost double initial estimates. With final data breach notifications now sent, UnitedHealthcare said its investigation into...
August 05, 2025 07:00 AM
Bipartisan Senate duo wants answers from UnitedHealth over Episource data breach
Sens. Bill Cassidy and Maggie Hassan sent a letter to UnitedHealth, the owner of medical tech company Episource, demanding more information...
August 01, 2025 03:30 AM
Early careers
Develop your skills alongside leaders with a global organization that values your growth and encourages you to improve the health care landscape.
June 20, 2025 07:00 AM
UnitedHealth unit hack may have exposed data of 5.4M users
The Episource breach announcement is coming as Google is warning of a wave of attacks by the Scattered Spider cyberattacker community.
June 19, 2025 07:00 AM
UnitedHealth subsidiary exposes 5.5M patient records to hackers
Health IT company Episource confirmed a ransomware attack of its network exposed data from payer and provider customers alike, with details...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UnitedHealthcare CyberSecurity History Information
Official Website of UnitedHealthcare
The official website of UnitedHealthcare is http://www.uhc.com/.
UnitedHealthcare’s AI-Generated Cybersecurity Score
According to Rankiteo, UnitedHealthcare’s AI-generated cybersecurity score is 650, reflecting their Weak security posture.
How many security badges does UnitedHealthcare’ have ?
According to Rankiteo, UnitedHealthcare currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does UnitedHealthcare have SOC 2 Type 1 certification ?
According to Rankiteo, UnitedHealthcare is not certified under SOC 2 Type 1.
Does UnitedHealthcare have SOC 2 Type 2 certification ?
According to Rankiteo, UnitedHealthcare does not hold a SOC 2 Type 2 certification.
Does UnitedHealthcare comply with GDPR ?
According to Rankiteo, UnitedHealthcare is not listed as GDPR compliant.
Does UnitedHealthcare have PCI DSS certification ?
According to Rankiteo, UnitedHealthcare does not currently maintain PCI DSS compliance.
Does UnitedHealthcare comply with HIPAA ?
According to Rankiteo, UnitedHealthcare is not compliant with HIPAA regulations.
Does UnitedHealthcare have ISO 27001 certification ?
According to Rankiteo,UnitedHealthcare is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UnitedHealthcare
UnitedHealthcare operates primarily in the Hospitals and Health Care industry.
Number of Employees at UnitedHealthcare
UnitedHealthcare employs approximately 15,794 people worldwide.
Subsidiaries Owned by UnitedHealthcare
UnitedHealthcare presently has no subsidiaries across any sectors.
UnitedHealthcare’s LinkedIn Followers
UnitedHealthcare’s official LinkedIn profile has approximately 591,465 followers.
NAICS Classification of UnitedHealthcare
UnitedHealthcare is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
UnitedHealthcare’s Presence on Crunchbase
No, UnitedHealthcare does not have a profile on Crunchbase.
UnitedHealthcare’s Presence on LinkedIn
Yes, UnitedHealthcare maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/unitedhealthcare.
Cybersecurity Incidents Involving UnitedHealthcare
As of November 27, 2025, Rankiteo reports that UnitedHealthcare has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
UnitedHealthcare has an estimated 29,962 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UnitedHealthcare ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Cyber Attack and Ransomware.
What was the total financial impact of these incidents on UnitedHealthcare ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $0.
How does UnitedHealthcare detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an law enforcement notified with yes, and law enforcement notified with yes..
Incident Details
Can you provide details on each incident ?
Title: Data Breach of Healthcare Information
Description: The company experienced a data breach after filing official documents with the Attorney General of Texas. The breach resulted in the names, addresses, health insurance information, and medical information being compromised. Leaked healthcare data was indeed protected healthcare information. They had sufficient information about a patient to carry out healthcare identity fraud.
Type: Data Breach
Title: Assassination of UnitedHealthcare CEO Brian Thompson
Description: The CEO of UnitedHealthcare, Brian Thompson, was tragically shot and killed in New York City. The suspected shooter, Luigi Mangione, was arrested shortly thereafter. Police found evidence suggesting motivations related to healthcare system criticisms. Bullet casings at the scene had words inscribed that imply dissatisfaction with health insurance coverage processes. Authorities also found a manifesto carried by Mangione that condemned healthcare companies for prioritizing profits over care. This event has led to a significant impact on UnitedHealthcare’s reputation, with potential financial implications due to the loss of its CEO and the adverse publicity surrounding the circumstances of his death.
Type: Physical Security Incident
Attack Vector: Physical Assault
Threat Actor: Luigi Mangione
Motivation: Criticism of healthcare systemDissatisfaction with health insurance coverage processes
Title: Fatal Shooting of UnitedHealthcare CEO
Description: The CEO of UnitedHealthcare, Brian Thompson, was fatally shot in an incident involving Luigi Mangione, who was arrested in Pennsylvania. The shooter allegedly left behind bullet casings with words indicating a protest against healthcare insurance claim denials. The perpetrator carried a manifesto critical of healthcare companies' focus on profits over patient care. The case has drawn significant media attention, impacting the company’s reputation and possibly causing a financial setback due to concerns over the safety of its executives, potential legal issues, and the necessity for increased security measures.
Type: Physical Security Incident
Attack Vector: Physical Violence
Threat Actor: Luigi Mangione
Motivation: Protest against healthcare insurance claim denialsCriticism of healthcare companies' focus on profits over patient care
Title: UnitedHealthcare Data Breach
Description: Unauthorized access to the UHC broker portal, potentially exposing personal and plan-related information.
Date Detected: 2022-12-29
Type: Data Breach
Attack Vector: Unauthorized Access
Title: RR Donnelley Data Breach
Description: Theft of an unencrypted computer containing personal information of UnitedHealthcare members.
Date Detected: 2013-01-28
Date Publicly Disclosed: 2013-01-28
Type: Data Breach
Attack Vector: Theft of Physical Device
Vulnerability Exploited: Unencrypted Data
Title: UnitedHealthcare Data Breach
Description: The Washington State Office of the Attorney General reported a data breach involving UnitedHealthcare on August 25, 2023. The breach, which was a ransomware attack discovered on April 17, 2023, affected approximately 1,025 Washington residents and involved compromised information including names, Social Security numbers, dates of birth, health insurance information, and medical information.
Date Detected: 2023-04-17
Date Publicly Disclosed: 2023-08-25
Type: Data Breach
Attack Vector: Ransomware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through UHC broker portal.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach UNI1211161222
Data Compromised: Names, Addresses, Health insurance information, Medical information
Identity Theft Risk: True
Incident : Physical Security Incident UNI000121024
Operational Impact: Loss of CEO
Brand Reputation Impact: Significant
Incident : Physical Security Incident UNI000121424
Financial Loss: Potential financial setback due to concerns over executive safety, potential legal issues, and increased security measures
Operational Impact: Impact on company’s reputation
Brand Reputation Impact: Significant media attention impacting the company’s reputation
Legal Liabilities: Potential legal issues
Incident : Data Breach UNI543072525
Data Compromised: First and last names, Member id numbers, Plan effective dates, Other plan-related information
Systems Affected: UHC broker portal
Incident : Data Breach UNI532072725
Data Compromised: Names, Addresses, Social security numbers
Incident : Data Breach UNI648080525
Data Compromised: Names, Social security numbers, Dates of birth, Health insurance information, Medical information
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $0.00.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Protected Healthcare Information, Personally Identifiable Information, , Personal Information, Plan-Related Information, , Personal Information, , Names, Social Security Numbers, Dates Of Birth, Health Insurance Information, Medical Information and .
Which entities were affected by each incident ?
Incident : Physical Security Incident UNI000121024
Entity Name: UnitedHealthcare
Entity Type: Corporation
Industry: Healthcare
Location: New York City
Incident : Physical Security Incident UNI000121424
Entity Name: UnitedHealthcare
Entity Type: Healthcare Company
Industry: Healthcare
Location: Pennsylvania
Incident : Data Breach UNI543072525
Entity Name: UnitedHealthcare
Entity Type: Health Insurance Provider
Industry: Healthcare
Incident : Data Breach UNI532072725
Entity Name: RR Donnelley
Entity Type: Company
Industry: Printing and Marketing Services
Customers Affected: 2003
Incident : Data Breach UNI648080525
Entity Name: UnitedHealthcare
Entity Type: Health Insurance Company
Industry: Healthcare
Location: Washington
Customers Affected: 1025
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Physical Security Incident UNI000121024
Law Enforcement Notified: Yes
Incident : Physical Security Incident UNI000121424
Law Enforcement Notified: Yes
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UNI1211161222
Type of Data Compromised: Protected healthcare information, Personally identifiable information
Sensitivity of Data: High
Incident : Data Breach UNI543072525
Type of Data Compromised: Personal information, Plan-related information
Sensitivity of Data: Medium
Personally Identifiable Information: First and last namesMember ID numbers
Incident : Data Breach UNI532072725
Type of Data Compromised: Personal information
Number of Records Exposed: 2003
Sensitivity of Data: High
Data Encryption: No
Personally Identifiable Information: Yes
Incident : Data Breach UNI648080525
Type of Data Compromised: Names, Social security numbers, Dates of birth, Health insurance information, Medical information
Number of Records Exposed: 1025
Sensitivity of Data: High
References
Where can I find more information about each incident ?
Incident : Data Breach UNI543072525
Source: California Office of the Attorney General
Incident : Data Breach UNI532072725
Source: California Office of the Attorney General
Date Accessed: 2013-01-28
Incident : Data Breach UNI648080525
Source: Washington State Office of the Attorney General
Date Accessed: 2023-08-25
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-01-28, and Source: Washington State Office of the Attorney GeneralDate Accessed: 2023-08-25.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Physical Security Incident UNI000121424
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach UNI543072525
Entry Point: UHC broker portal
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Luigi Mangione and Luigi Mangione.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2022-12-29.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-08-25.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was Potential financial setback due to concerns over executive safety, potential legal issues, and increased security measures.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, addresses, health insurance information, medical information, , First and last names, Member ID numbers, Plan effective dates, Other plan-related information, , Names, Addresses, Social Security numbers, , names, Social Security numbers, dates of birth, health insurance information, medical information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was UHC broker portal.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Addresses, Social Security numbers, addresses, dates of birth, health insurance information, Plan effective dates, Other plan-related information, First and last names, Member ID numbers, medical information, names and Names.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 310.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are California Office of the Attorney General and Washington State Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an UHC broker portal.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=unitedhealthcare' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
