14/06/2019

Eze Eclipse Vulnerability Disclosure Program

Important: please review the in-scope target section of this brief before submitting your findings.

SS&C Eze began with a vision that emerging technology could help bring trading operations - and people - closer together. If there was a fluid way to work and to hand off trade order information to various departments smoothly and seamlessly, financial operations could flourish. We aim to be the leading global provider of best-in-breed software solutions and technology services designed to maximize investment and operational alpha for the entire institutional investment process and community. Eze Eclipse is your platform for growth. Given the highly sensitive business domain we operate in, our goal with this Vulnerability Disclosure Program is to ensure that our system adheres to the highest security standards possible.


Ratings:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal and make a case for a higher priority.

This program only awards points for VRT-based submissions.

Targets

In scope

Target name | Type
---|---
<https://app.ezesoftcloud.com/> | Website
<https://ws-prod.ezesoftcloud.com/> | Website
<https://cdn.ezesoftcloud.com/> | Website
<https://tqqbf.ezesoftcloud.com/> | Website
<https://t51r0.ezesoftcloud.com/> | Website


Additional Info

  • The main Eze Eclipse application lives at https://app.ezesoftcloud.com/ims/
  • Feel free to start with the landing page on the main app. All static resources (HTML, CSS, and scripts) are served unauthenticated and are useful to review as well as any parallel services running under each in-scope FQDN.
  • The application is continuously updated - our teams deploy to production every day and new problems may be introduced often.
  • Please refrain from using intense automated scanners and keep all testing to no more than 6 requests per second.
  • Any submissions for targets not on the list above will be marked as out of scope.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

Terms and Conditions

In addition to these Terms and Conditions regarding the Eze Eclipse Vulnerability Disclosure Program (the "Program"), there may be additional restrictions depending upon applicable local laws.

1. The parties to this Agreement are you and EZE SOFTWARE.
2. "EZE SOFTWARE" refers to EZE SOFTWARE GROUP LLC and its affiliates.
3. By submitting information about a potential security bug, you affirm that you have not disclosed and agree that you will not disclose the security bug to anyone other than EZE SOFTWARE. Absent EZE SOFTWARE's prior written consent, any disclosure outside of this process would violate this Agreement. You agree that money damages are not a sufficient remedy for a breach of this paragraph by you and that EZE SOFTWARE will be entitled to obtain equitable relief for any such breach, which may include an injunction or specific performance. Any such remedy will not be deemed to be the exclusive remedy for any such breach but will be in addition to all other remedies available at law or equity to EZE SOFTWARE.
4. By submitting information about a potential security bug, you are granting EZE SOFTWARE a worldwide, royalty-free, non-exclusive license to use your submission for the purpose of addressing security bugs in EZE SOFTWARE’s products and services or otherwise improving EZE SOFTWARE’s products and services.
5. In the event of substantially duplicate submissions, EZE SOFTWARE may at its discretion provide a Reward only for the earliest received submission. Eligibility for Rewards, determination of the recipients, and amount of Reward is at the sole discretion of EZE SOFTWARE.
6. If issues reported to our bug bounty program affect a third party or another vendor, EZE SOFTWARE reserves the right to forward details of the issue along to the party without further discussion with you or any other researcher.
7. You are responsible for all taxes associated with and imposed on any Reward you may receive from EZE SOFTWARE.
8. You may only exploit, investigate, or target security bugs against your own accounts. Testing must not violate any law.
9. If you inadvertently access proprietary customer, employee, or business related information during your testing, the information must not be used, disclosed, stored, or recorded in any way. Inadvertent access of the data must be declared to EZE SOFTWARE within your submission.
10. Your testing activities must not intentionally negatively impact EZE SOFTWARE, EZE SOFTWARE’s products or services generally, or EZE SOFTWARE's online environment availability or performance.
11. This Agreement constitutes the entire agreement of the parties with respect to the items listed above. This Agreement is covered by New York law. This Agreement may be amended or modified only by a subsequent agreement in writing.
12. If any portion of this Agreement is found to be illegal or unenforceable, then the parties will be relieved of their responsibilities arising under such portion, but only to the extent that such portion is illegal or unenforceable.

EZE SOFTWARE RESERVES THE RIGHT TO MODIFY OR CANCEL THE EZE SOFTWARE RESPONSIBLE DISCLOSURE PROGRAM AT ANY TIME WITHOUT NOTICE. ALL PARTICIPANTS AND SUBMISSIONS ARE STRICTLY VOLUNTARY. THIS OFFER IS VOID WHERE PROHIBITED BY LAW AND IN PARTICIPATING, YOU MUST NOT VIOLATE ANY LAW. YOU ALSO MUST NOT DISRUPT ANY SERVICE OR COMPROMISE ANYONE’S DATA.

FireBounty © 2015-2019