Zendesk
Company Details
Linkedin ID:
zendesk
Website:
Employees number:
7,079
Number of followers:
636,476
NAICS:
5112
Industry Type:
Homepage:
zendesk.fr
IP Addresses:
0
Company ID:
ZEN_1526662
Scan Status:
In-progress
Zendesk Company CyberSecurity Posture
zendesk.fr
Zendesk powers exceptional service for every person on the planet. As a leader in AI-powered service, we offer the Zendesk Resolution Platform, designed to redefine customer experience with advanced tools that integrate AI Agents, a comprehensive knowledge graph, actions and integrations, governance and control, measurement and insights, and human expertise. Our purpose-built platform enhances service by combining automation and human insight for seamless interactions. Easy to use, easy to scale, and easy to get value from, Zendesk helps companies strengthen relationships, improve efficiency, and grow. Learn more: http://zdsk.co/46mVi8h
Zendesk A.I CyberSecurity Scoring
Zendesk Risk Score (AI oriented)Between 700 and 749
Zendesk
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Zendesk Global Score (TPRM)XXXX
Zendesk
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Zendesk Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Zendesk
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Zendesk was targeted by a **sophisticated phishing campaign** leveraging **Cloudflare Pages** to create convincing fake login screens, impersonating trusted Zendesk interfaces. Attackers tricked users into submitting sensitive credentials, exploiting vulnerabilities in the email support system. The breach exposed **customer data to significant risk**, with potential unauthorized access to personal and account-related information. The incident underscores the growing threat of **evolved phishing tactics** in digital customer support platforms, where third-party tools (like Cloudflare Pages) can be weaponized to bypass traditional security measures. While the exact scale of data compromise remains undisclosed, the attack highlights systemic weaknesses in authentication protocols and the urgent need for **enhanced monitoring, employee training, and multi-layered defenses** to prevent credential harvesting and subsequent data leaks. The reputational and operational impact on Zendesk and its clients could be substantial, given the reliance on secure customer support infrastructure.
Zendesk
Data Leak
Rankiteo Explanation
Attack limited on finance or reputation
Description: Zendesk has acknowledged a data blunder that affects 10,000 customers, but only those who used the company's helpdesk solutions prior to 1 November 2016. The business informed its clients that they had just learned about a security issue that might have affected users of Zendesk Support and Chat products who had their subscriptions authorized before November 1, 2016, as well as those customers. Regarding the security breach, Zendesk believes that no unauthorized use of stolen login credentials has occurred as of yet. A "third-party" contacted Zendesk, which led to an internal investigation and the notification of regulatory bodies.
Zendesk Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Zendesk
Incidents vs Software Development Industry Average (This Year)
Zendesk has 63.93% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Zendesk has 26.58% more incidents than the average of all companies with at least one recorded incident.
Incident Types Zendesk vs Software Development Industry Avg (This Year)
Zendesk reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — Zendesk (X = Date, Y = Severity)
Zendesk cyber incidents detection timeline including parent company and subsidiaries
Zendesk Company Subsidiaries
Zendesk powers exceptional service for every person on the planet. As a leader in AI-powered service, we offer the Zendesk Resolution Platform, designed to redefine customer experience with advanced tools that integrate AI Agents, a comprehensive knowledge graph, actions and integrations, governance and control, measurement and insights, and human expertise. Our purpose-built platform enhances service by combining automation and human insight for seamless interactions. Easy to use, easy to scale, and easy to get value from, Zendesk helps companies strengthen relationships, improve efficiency, and grow. Learn more: http://zdsk.co/46mVi8h
Loading...
Zendesk Similar Companies
Catalyzing the era of pervasive intelligence, Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation. We partner closely with semiconductor and systems customers across a wide range of
Thomson Reuters
Thomson Reuters is the world’s leading provider of news and information-based tools to professionals. Our worldwide network of journalists and specialist editors keep customers up to speed on global developments, with a particular focus on legal, regulatory and tax changes. Our customers operat
Databricks is the Data and AI company. More than 10,000 organizations worldwide — including Block, Comcast, Condé Nast, Rivian, Shell and over 60% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to take control of their data and put it to work with AI. Databricks is headquarte
Atlassian powers the collaboration that helps teams accomplish what would otherwise be impossible alone. From space missions and motor racing to bugs in code and IT requests, no task is too large or too small with the right team, the right tools, and the right practices. Over 300,000 global compa
Microsoft
Every company has a mission. What's ours? To empower every person and every organization to achieve more. We believe technology can and should be a force for good and that meaningful innovation contributes to a brighter world in the future and today. Our culture doesn’t just encourage curiosity; it
DiDi
DiDi Global Inc. is a leading mobility technology platform. It offers a wide range of app-based services across Asia Pacific, Latin America, and other global markets, including ride hailing, taxi hailing, designated driving, hitch and other forms of shared mobility as well as certain energy and vehi
Amazon Fulfillment Technologies & Robotics
On the Fulfillment Technologies & Robotics Team, we build dynamic partnerships between people and intelligent machines. This intricate collaboration helps Amazon fulfill orders with unmatched accuracy. Since we began working with robotics, we've added over a million new jobs worldwide. Working in s
JD.COM
JD.com, also known as JINGDONG, is a leading e-commerce company transferring to be a technology and service enterprise with supply chain at its core. JD.com’s business has expanded across retail, technology, logistics, health, property development, industrials, and international business. Ranking 44
A problem isn't truly solved until it's solved for all. Googlers build products that help create opportunities for everyone, whether down the street or across the globe. Bring your insight, imagination and a healthy disregard for the impossible. Bring everything that makes you unique. Together, we c
.png)
Zendesk CyberSecurity News
December 13, 2025 12:11 AM
A comprehensive list of 2025 tech layoffs
The tech layoff wave is still kicking in 2025. Last year saw more than 150,000 job cuts across 549 companies, according to independent...
December 02, 2025 06:29 PM
Scattered Lapsus$ Hunters prepping Zendesk-aimed intrusions
Hacking group Scattered Lapsus$ Hunters may have already commenced attacks aimed at Zendesk environments, following the creation of nearly...
December 01, 2025 08:00 AM
Hackers ready threat campaign aimed at Zendesk environments
Hackers ready threat campaign aimed at Zendesk environments. Researchers warn that attackers linked to recent social engineering attacks are...
November 30, 2025 12:42 PM
Top Cybersecurity News of the Week
This week's cyber attacks shows uneven protections, vendor and design weaknesses, and human-targeted attacks have widened across public,...
November 28, 2025 08:00 AM
Scattered Lapsus$ Hunters target Zendesk users with fake domains
Researchers found over 40 fake domains using the same setup as the group's August Salesforce attack. office screen workers cybersecurity...
November 28, 2025 08:00 AM
Zendesk users targeted by Scattered Lapsus$ Hunters hackers and fake support sites
The notorious Scattered Lapsus$ Hunters gang, which famously targeted Salesforce users, is now targeting Zendesk users as well to try and...
November 27, 2025 03:24 PM
Scattered Lapsus$ Actors Register Over 40 Zendesk-Impersonating Domains
Lapsus$ Zendesk impersonation - ReliaQuest researchers have uncovered a new campaign believed to be linked to the threat group.
November 27, 2025 08:00 AM
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to know
The Scattered Lapsus$ Hunters threat group appears to be targeting Zendesk users in a new phishing campaign, according to analysis from...
November 24, 2025 08:00 AM
Gainsight says additional applications put on hold after Salesforce customers breached
The company said that Zendesk and Hubspot integrations have been deactivated as the probe continues.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Zendesk CyberSecurity History Information
Official Website of Zendesk
The official website of Zendesk is http://zdsk.co/46mVi8h.
Zendesk’s AI-Generated Cybersecurity Score
According to Rankiteo, Zendesk’s AI-generated cybersecurity score is 724, reflecting their Moderate security posture.
How many security badges does Zendesk’ have ?
According to Rankiteo, Zendesk currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Zendesk have SOC 2 Type 1 certification ?
According to Rankiteo, Zendesk is not certified under SOC 2 Type 1.
Does Zendesk have SOC 2 Type 2 certification ?
According to Rankiteo, Zendesk does not hold a SOC 2 Type 2 certification.
Does Zendesk comply with GDPR ?
According to Rankiteo, Zendesk is not listed as GDPR compliant.
Does Zendesk have PCI DSS certification ?
According to Rankiteo, Zendesk does not currently maintain PCI DSS compliance.
Does Zendesk comply with HIPAA ?
According to Rankiteo, Zendesk is not compliant with HIPAA regulations.
Does Zendesk have ISO 27001 certification ?
According to Rankiteo,Zendesk is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Zendesk
Zendesk operates primarily in the Software Development industry.
Number of Employees at Zendesk
Zendesk employs approximately 7,079 people worldwide.
Subsidiaries Owned by Zendesk
Zendesk presently has no subsidiaries across any sectors.
Zendesk’s LinkedIn Followers
Zendesk’s official LinkedIn profile has approximately 636,476 followers.
NAICS Classification of Zendesk
Zendesk is classified under the NAICS code 5112, which corresponds to Software Publishers.
Zendesk’s Presence on Crunchbase
No, Zendesk does not have a profile on Crunchbase.
Zendesk’s Presence on LinkedIn
Yes, Zendesk maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/zendesk.
Cybersecurity Incidents Involving Zendesk
As of December 26, 2025, Rankiteo reports that Zendesk has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Zendesk has an estimated 27,890 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Zendesk ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Breach.
How does Zendesk detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with yes, and communication strategy with internal investigation and notification of regulatory bodies, and remediation measures with recommended: enforce multi-factor authentication (mfa), remediation measures with monitor third-party services (e.g., cloudflare pages) for misuse, remediation measures with enhance employee training on phishing risks, and communication strategy with public disclosure via cx today, communication strategy with customer advisories likely issued (not specified), and enhanced monitoring with recommended: advanced threat detection for email and login systems..
Incident Details
Can you provide details on each incident ?
Title: Zendesk Data Breach
Description: Zendesk has acknowledged a data breach affecting 10,000 customers who used the company's helpdesk solutions prior to 1 November 2016.
Type: Data Breach
Title: Zendesk Phishing Campaign Exploiting Cloudflare Pages
Description: Zendesk was targeted by a sophisticated phishing campaign leveraging Cloudflare Pages to create fake login screens, impersonating trusted sources to harvest sensitive customer data. The attack exploited Zendesk’s email support systems, bypassing typical security measures and highlighting vulnerabilities in digital customer support environments. The incident underscores the need for enhanced cybersecurity protocols, including regular system updates, employee training, and advanced threat detection.
Type: phishing
Attack Vector: email spoofingfake login pagesCloudflare Pages misuseimpersonation of trusted sources
Vulnerability Exploited: lack of multi-factor authentication (MFA) enforcementinadequate validation of third-party services (Cloudflare Pages)user susceptibility to phishing
Motivation: data theftcredential harvestingunauthorized access to customer support systems
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through phishing emails directing to fake Cloudflare Pages-hosted login screens.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ZEN35623423
Data Compromised: Login credentials
Systems Affected: Zendesk Support and Chat products
Incident : phishing ZEN5862358110625
Data Compromised: Customer credentials, Sensitive support ticket information
Systems Affected: Zendesk email support systemscustomer login interfaces
Operational Impact: disruption to customer trustpotential operational delays in support services
Customer Complaints: ['potential increase due to compromised accounts']
Brand Reputation Impact: erosion of customer trustnegative perception of security practices
Identity Theft Risk: ['high (due to harvested credentials)']
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Login credentials, Customer Credentials, Support Ticket Data and .
Which entities were affected by each incident ?
Incident : Data Breach ZEN35623423
Entity Name: Zendesk
Entity Type: Company
Industry: Software
Customers Affected: 10000
Incident : phishing ZEN5862358110625
Entity Name: Zendesk
Entity Type: customer support platform
Industry: SaaS (Software as a Service)
Location: Global (HQ in San Francisco, California, USA)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach ZEN35623423
Third Party Assistance: Yes
Communication Strategy: Internal investigation and notification of regulatory bodies
Incident : phishing ZEN5862358110625
Remediation Measures: recommended: enforce multi-factor authentication (MFA)monitor third-party services (e.g., Cloudflare Pages) for misuseenhance employee training on phishing risks
Communication Strategy: public disclosure via CX Todaycustomer advisories likely issued (not specified)
Enhanced Monitoring: recommended: advanced threat detection for email and login systems
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Yes.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ZEN35623423
Type of Data Compromised: Login credentials
Number of Records Exposed: 10000
Incident : phishing ZEN5862358110625
Type of Data Compromised: Customer credentials, Support ticket data
Sensitivity of Data: high (login credentials, potentially PII in support tickets)
Data Exfiltration: likely (credentials submitted to fake pages)
Personally Identifiable Information: potential (depends on support ticket content)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: recommended: enforce multi-factor authentication (MFA), monitor third-party services (e.g., Cloudflare Pages) for misuse, enhance employee training on phishing risks, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach ZEN35623423
Regulatory Notifications: Yes
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : phishing ZEN5862358110625
Lessons Learned: Third-party platforms (e.g., Cloudflare Pages) can be weaponized for phishing if not properly monitored., Customer support systems are high-value targets due to access to sensitive data., User training and MFA are critical defenses against credential harvesting., Regular security audits of email and login systems are essential to detect vulnerabilities.
What recommendations were made to prevent future incidents ?
Incident : phishing ZEN5862358110625
Recommendations: Implement stricter validation for third-party services used in customer-facing workflows., Enforce multi-factor authentication (MFA) for all user logins, especially support agents and customers., Conduct regular phishing simulation exercises for employees and customers., Deploy advanced email filtering and threat detection to identify spoofed messages., Monitor dark web and underground forums for leaked Zendesk credentials., Enhance customer communication to raise awareness of phishing risks and reporting mechanisms.Implement stricter validation for third-party services used in customer-facing workflows., Enforce multi-factor authentication (MFA) for all user logins, especially support agents and customers., Conduct regular phishing simulation exercises for employees and customers., Deploy advanced email filtering and threat detection to identify spoofed messages., Monitor dark web and underground forums for leaked Zendesk credentials., Enhance customer communication to raise awareness of phishing risks and reporting mechanisms.Implement stricter validation for third-party services used in customer-facing workflows., Enforce multi-factor authentication (MFA) for all user logins, especially support agents and customers., Conduct regular phishing simulation exercises for employees and customers., Deploy advanced email filtering and threat detection to identify spoofed messages., Monitor dark web and underground forums for leaked Zendesk credentials., Enhance customer communication to raise awareness of phishing risks and reporting mechanisms.Implement stricter validation for third-party services used in customer-facing workflows., Enforce multi-factor authentication (MFA) for all user logins, especially support agents and customers., Conduct regular phishing simulation exercises for employees and customers., Deploy advanced email filtering and threat detection to identify spoofed messages., Monitor dark web and underground forums for leaked Zendesk credentials., Enhance customer communication to raise awareness of phishing risks and reporting mechanisms.Implement stricter validation for third-party services used in customer-facing workflows., Enforce multi-factor authentication (MFA) for all user logins, especially support agents and customers., Conduct regular phishing simulation exercises for employees and customers., Deploy advanced email filtering and threat detection to identify spoofed messages., Monitor dark web and underground forums for leaked Zendesk credentials., Enhance customer communication to raise awareness of phishing risks and reporting mechanisms.Implement stricter validation for third-party services used in customer-facing workflows., Enforce multi-factor authentication (MFA) for all user logins, especially support agents and customers., Conduct regular phishing simulation exercises for employees and customers., Deploy advanced email filtering and threat detection to identify spoofed messages., Monitor dark web and underground forums for leaked Zendesk credentials., Enhance customer communication to raise awareness of phishing risks and reporting mechanisms.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Third-party platforms (e.g., Cloudflare Pages) can be weaponized for phishing if not properly monitored.,Customer support systems are high-value targets due to access to sensitive data.,User training and MFA are critical defenses against credential harvesting.,Regular security audits of email and login systems are essential to detect vulnerabilities.
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: CX TodayUrl: https://www.cxtoday.com/.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach ZEN35623423
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Internal investigation and notification of regulatory bodies, Public Disclosure Via Cx Today and Customer Advisories Likely Issued (Not Specified).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : phishing ZEN5862358110625
Customer Advisories: Likely issued (not specified in source)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Likely Issued (Not Specified In Source) and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : phishing ZEN5862358110625
Entry Point: Phishing Emails Directing To Fake Cloudflare Pages-Hosted Login Screens,
High Value Targets: Zendesk Customer Support Agents, End-Users With Active Support Tickets,
Data Sold on Dark Web: Zendesk Customer Support Agents, End-Users With Active Support Tickets,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : phishing ZEN5862358110625
Root Causes: Insufficient Validation Of Cloudflare Pages Domains Mimicking Zendesk., Lack Of User Awareness About Phishing Tactics Targeting Support Systems., Possible Gaps In Email Security Controls To Detect Spoofed Messages.,
Corrective Actions: Tighten Integration Policies For Third-Party Services Like Cloudflare Pages., Roll Out Mandatory Phishing Training For Employees And Customers., Enhance Email Authentication (Dmarc, Dkim, Spf) To Prevent Spoofing., Implement Behavioral Analytics To Detect Anomalous Login Attempts.,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Recommended: Advanced Threat Detection For Email And Login Systems, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Tighten Integration Policies For Third-Party Services Like Cloudflare Pages., Roll Out Mandatory Phishing Training For Employees And Customers., Enhance Email Authentication (Dmarc, Dkim, Spf) To Prevent Spoofing., Implement Behavioral Analytics To Detect Anomalous Login Attempts., .
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Login credentials, customer credentials, sensitive support ticket information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Zendesk email support systemscustomer login interfaces.
Response to the Incidents
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were sensitive support ticket information, Login credentials and customer credentials.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 100.0.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Regular security audits of email and login systems are essential to detect vulnerabilities.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement stricter validation for third-party services used in customer-facing workflows., Enhance customer communication to raise awareness of phishing risks and reporting mechanisms., Deploy advanced email filtering and threat detection to identify spoofed messages., Monitor dark web and underground forums for leaked Zendesk credentials., Enforce multi-factor authentication (MFA) for all user logins, especially support agents and customers. and Conduct regular phishing simulation exercises for employees and customers..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is CX Today.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.cxtoday.com/ .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Likely issued (not specified in source).
Initial Access Broker
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing manipulation of the argument keyWord results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=zendesk' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
