Description

HERE Technologies is a global company rooted in the evolution of digital maps and location technology. We offer a location data and technology platform that moves people, businesses and cities forward by harnessing the power of location. The HERE platform caters to a variety of tasks related to bringing your own data, map, service, logic and algorithms for location enrichment.

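Bounties

| Severity    | CVSS score | Tier 2 (€) | Tier 3 (€) |
|-------------|------------|------------|------------|
| Low         | 0.1 - 3.9  | 50         | 0          |
| Medium      | 4.0 - 6.9  | 250        | 0          |
| High        | 7.0 - 8.9  | 1,000      | 0          |
| Critical    | 9.0 - 9.4  | 1,600      | 0          |
| Exceptional | 9.5 - 10.0 | 2,000      | 1,000      |

Tier 2: €50 - €2,000
Tier 3: Up to €1,000
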
Rules of engagement
Required
Not applicable
max. 5 requests/sec
X-Bug-Bounty: <username>

Our promise to you

We know how frustrating it can be to wait for a response after submitting a vulnerability report (been there), and we want to assure you that we will be in touch with you within the following timelines:

  • 2 business days for every exceptional and critical severity issue you report
  • 5 business days for every high severity issue
  • 10 business days for every medium severity issue
  • 15 business days for every low severity issue

Depending on issue severity, our promise is to be in touch with you on a regular basis to provide updates from our side.

  • We are happy to respond to any questions; please use the button in the top right corner for this.
  • We respect the safe harbor clause that you can find below

Your promise to us

  • All reports should be written in English
  • Provide detailed but to-the-point reproduction steps
  • Include a clear attack scenario. How will this affect us exactly?
  • Remember: quality over quantity!
  • Please do not discuss or post vulnerabilities without our consent (including PoCs on YouTube and Vimeo)
  • Please do not use automatic scanners (be creative and do it yourself!). We cannot accept any submissions found by using automatic scanners. Scanners also won't improve your skills, and can cause a high server load (we'd like to put our time in thanking researchers rather than blocking their IPs 😉)

Domains

*.account.api.here.com

Tier 2
Wildcard

*.account.here.com

Tier 2
Wildcard

*.mobilitygraph.hereapi.com

Tier 2
Wildcard

*.router.hereapi.com

Tier 2
Wildcard

*.scbe.api.here.com

Tier 2
Wildcard

*.subp-router.hereapi.com

Wildcard

Including, but not limited to, the following application:
https://vip-als.subp-router.hereapi.com/

Severity assessment

This program follows Intigriti's contextual CVSS standard

FAQ

Where can we get credentials for the app?

You can self-register on the application but please don’t forget to use your @intigriti.me address.
