How to report a vulnerability

Guidelines for anaplan.com

Did you find a vulnerability on anaplan.com? Use these guidelines and instructions to report the vulnerability to us. 

 

We take security seriously and will thoroughly investigate your report.

In-scope: *.anaplan.com

Out of scope:

  • community.anaplan.com

  • usergroups.anaplan.com

  • third-party domains

     

Guidelines

This page is only for responsible disclosures.

  • Please notify us as soon as possible after finding a vulnerability on anaplan.com.

  • Provide the technical details, steps to exploit, and a proof of concept, if available.

  • Don’t exploit vulnerabilities that will cause a service disruption, and don’t social-engineer or phish our employees to prove out the vulnerability.

  • Avoid privacy violations. If an exploited vulnerability results in access to personally identifying or confidential information, don’t transfer, alter, or destroy it.

  • Refrain from publicly disclosing the vulnerability before it’s fixed.

  • We do not provide bounties at this time.

 

Out-of-scope vulnerabilities

We won’t consider these submissions:

  • Vulnerabilities from scanners and tools

  • Issues related to HTTP headers

  • Error messages that don’t include sensitive information

  • Issues related to SSL/TLS configurations

  • Clickjacking

  • Use of outdated software and libraries

Report a vulnerability

Email us with the full details and a proof of concept at: disclosures@anaplan.com.