Innovaccer is committed to the security of our products and customers.
If you discover a bug, we appreciate your cooperation in responsibly investigating and reporting it to us so that we can address it as soon as possible.
If you believe that you have found a security vulnerability or bug on any Innovaccer-owned website or application, we encourage you to let us know straight away. Our team will investigate all legitimate reports and do our best to quickly fix the problem.
Be the first to report the issue to us. Please adhere to the following guidelines to report a bug:
Innovaccer will make the best effort to meet the following response targets for hackers participating in our program:
We’ll try to keep you informed about our progress throughout the process.
# | Vulnerability Type | Comment
---|---|---
1. | Cross-Site Request Forgery | With significant security impact
2. | Authentication Bypass/Account Takeover |
3. | Open Redirects | With significant security impact
4. | Cross Origin Resource Sharing | With significant security impact
5. | SQL injections |
6. | Server Side Request Forgery |
7. | Privilege Escalation |
8. | Local File Inclusion |
9. | Remote File Inclusion |
10. | Leakage of Sensitive Data |
11. | Cross-Site Scripting | Self-XSS is out of scope
12. | Directory Traversal | With sensitive information disclosure
13. | Payment Manipulation |
14. | Remote Code Execution |
15. | Replay Attack |
16. | Vulnerable Library | With significant impact over platform
17. | Session Hijacking |
18. | Overflow attacks |
** Any valid vulnerability with significant Security Impact
Please refrain from the following:
Domain: *.innovaccer.com
Out of Scope Vulnerabilities: