HERE Technologies/Here Technologies/Detail
Detail Updates Leaderboard
sort by
Last published
Tier 2 scope update: employee user accounts
7/17/2024, 6:05:50 PM (12 months ago)

Hi Intigriti community!
Please help us to identify leaked/compromised employee accounts within the domain @here.com for any service in domains *.here.com (excluding unverified accounts on account.here.com) and here.okta.com, for example john.doe@here.com account for in.here.com. If you come across any such accounts, whether compromised due to malware infections, security breaches, or any other cause, please notify us. Depending on account setup and environment valid and non-duplicate reports will be accepted with Low/Medium severity. Please make sure to provide as much information as you can on the source and the reason of account compromise, for example - date of compromise, hostname, stealer id, source you obtained info from.

Tier 2 scope update: Jaguar & LandRover endpoints added
7/9/2024, 8:10:21 PM (about 1 year ago)

Hi Intigriti community!
We just updated Tier 2 scope with this new info - landrover.here.com and jaguar.here.com domains were added. More is coming!
Stay tuned!

Tier 3 scope update - please report us Spring4Shell!
4/1/2022, 5:49:52 PM (over 3 years ago)

Hi Intigriti!
As always, we need your help to make sure there are no customer facing HERE applications which are affected by recent Spring4Shell vulnerability (CVE-2022-22965).
We just updated Tier 3 (*.here.com, *.hereapi.com) scope with this new info. Hope you will be able to find some time and help us find something what our eye's might have missed!
Stay tuned!

Scope extended: "HERE Routing" added
3/28/2022, 7:41:04 PM (over 3 years ago)

Hi Intigriti!
We wanted to let you know that we just extended scope of our program! One of our current goals is to make sure that HERE “Location Services”, which are used all over the world to make our lives easier when we are dealing with travelling from point A to point B, are secure and safe to use. And we need your help to achieve this goal! I’m excited to announce that today we made our first step towards it by adding into scope services which represent HERE Routing eco system. Hope you’ll be able to help us verify that everything is good from security perspective there!

Scope update: help us respond to Log4J RCE vulnerability (*.here.com)
12/20/2021, 4:19:06 PM (over 3 years ago)

Hi Intigriti!
Last several days was real fun for our security team - handling such a big thing like Log4J RCE vulnerability is always a good exercize.
As a part of our response to this vulnerablity - we need your help - we are extending our scope to *.here.com (Tier 3) for this specific RCE vulnerability (CVE-2021-44228) and hope you will be able to help us find something what our eye's might have missed!