New app: Messaging trial
8/18/2023, 11:42:00 AM (6 months ago)

Hello there,

We wanted to let you know we have added a new application to our portfolio.
The messaging trial app is an application that makes it possible for developers to do a limited test of sending messages using the CM.COM business messaging API.

What we would like to know is:

  • Can the application be exploited to allow sending more than the allowed number of messages?
  • Can the app be exploited to send to other recipients besides the whitelisted recipients?

Kind regards,
CM Security

Tier 1 & Higher Payouts
4/17/2023, 2:07:01 PM (11 months ago)

Dear amazing bounty hunter,

We've added Tier 1 to our bug bounty program!
For now this tier includes our login.cm.com domain, with plans for future expansion.
But that is not all..... Besides adding a tier, we have also increased the bounties for Tier 2 and Tier 3!
We are currently looking into expanding the scope of our bug bounty program, so keep an eye out for updates posted here!

Thank you for helping us keep our platform safe and secure.
Happy hunting!

Kind regards,
CM Security

The program is open again
9/5/2022, 7:31:38 AM (over 1 year ago)

...and we're back!

We have just resumed the bug bounty program.

Happy hunting!

Kind regards,
CM Security

Temporary suspension of program
8/29/2022, 7:12:44 AM (over 1 year ago)

Dear bug bounty hunter,

Due to interfering projects, we have temporarily suspended our bug bounty program.

We expect to resume the program on 5 Sept 2022.

Please, come back soon!

Kind regards,
CM Security

Changes in payouts, scope & severity assessment update
8/26/2021, 1:42:15 PM (over 2 years ago)

Dear amazing hacker,

We wanted to give you an update on our program.
Let's start off with the bounty pay-outs. These have been increased. 📈

We've also made a change to our scope.
You can now also submit bugs for *.cm.com
This contains more than 80 subdomains 🚀

For now this will follow a no-bounty policy.
This is because the security level of the items in this scope varies a great deal.
However, we will give a nice bonus for bugs with a significant impact 😄

We also implemented the Intigriti severity assessment guide.

In a few weeks we are planning to expand the scope even more with a new domain including 300+ subdomains ⌚

Happy hacking!

Kind regards,
Thijs0x57

New Ticketing App!
5/4/2021, 9:15:40 AM (almost 3 years ago)

Dear amazing hacker,

In the past few months we have received some amazing write-ups and reports.
Thank you for putting in all the effort!

You might know the ticketing app in our platform; if you haven't noticed, it has been updated!
To ensure it is safe we want to highlight this change through this update.

Today I also want to give you the chance to test a temporary scope.
You can start testing RIGHT NOW until 09 May 2021 - 21:00 (9PM) CEST / Time-and-Date

This product is in Dutch so I advise using a translation plugin if you don't speak Dutch :)
In order to use the shop you will need a special code.
We have created a range of codes, please only use a necessary amount to prove your write-up.
The codes are as follows, from: INTIGRITI01 - to - INTIGRITI1000
Check it out right here: https://www.cm.com/app/jumbo-promotion-shop/promotional-codes

Kind regards,
CM.com Security Team

New Application!
2/4/2021, 12:15:09 PM (about 3 years ago)

We are adding a new application to the scope!
This application is the Ticketing application.

Important! Please use the IP known to Intigriti and your @intigriti.me accounts, otherwise it is highly likely you will be blocked.

How does this work?
Login to your account and go to https://www.cm.com/en-gb/app/ticketing/
From here you can create tickets and much more!
Make sure to take a look at the user-side as well (https://reserve.cmtickets.com/{GUID-OF-TICKET})

Have fun!

Kind regards,
CM.com Security Team

We are reopening
12/21/2020, 11:06:58 AM (about 3 years ago)

I'm happy to announce that the program is opening again.
We're looking forward to your submissions!

Please do not use automatic scanners - be creative and do it yourself! We cannot accept any submissions found by using automatic scanners. Scanners also won't improve your skills, and can cause a high server load (we'd like to put our time in thanking researchers rather than blocking their IPs 😉)

Suspended
11/25/2020, 4:35:35 PM (over 3 years ago)

Unfortunately we had to suspend the program until after Black Friday. Some components broke on our platform.

Scope change
11/25/2020, 3:56:41 PM (over 3 years ago)

We have removed www.cm.com/[locale]/ajax because it might be causing issues on our platform. We are investigating and will be sure to add it back when these issues are resolved.