9altitudes - Vulnerability Disclosure Program - Bug Bounty Program

Description

The 9altitudes Vulnerability Disclosure Program (VDP) program to review no-bounty assets. 9altitudes is a European player with the main office in Belgium providing digital transformation for our customers focused on 3 main industry clusters – manufacturing, services, and wholesale & distribution. As a Microsoft Gold partner, we are mostly Microsoft-oriented with some own-IP and are an ever-expending organization by way of merge & acquisition.

Bounties

This is a responsible disclosure program without bounties.

Rules of engagement

@intigriti.me

Required

User agent

Not applicable

Automated tooling

max. 5 requests /sec

Request header

X-Intigriti-Username: {Username}

By participating in this program, you agree to:

Respect the Community Code of Conduct
Respect the Intigriti Terms and Conditions
Respect the scope of the program
Not discuss or disclose vulnerability information without prior written consent (including PoC's on YouTube and Vimeo)

Check our fix
We offer up to €50 bonus to verify a resolved issue for us (when requested).
This remains at the discretion of 9altitudes to award.

Safe harbour for researchers is applied

Domains

Old 9altitudes related domains

No bounty

Other

Most of these domains are redirected to our current main domains, this is meant to display missed vulnerabilities. Example: active websites with exploits, old integrations connecting current platforms, remote access, other.

*.admiraldynamics.be
*.admiraldynamics.eu
*.bpos-live.com
*.Bredanademo.dk
*.Bredanasolutions.com
*.Bredanasolutions.dk
*.Bredana-solutions.dk
*.bro-consulting.be
*.cayentis.com
*.cayentisxrm.nl
*.cayentis.nl
*.crm4utilities.com
*.crmhugger.nl
*.crm-trainingen.com
*.crm-trainingen.nl
*.crmvoorenergie.com
*.crmvoorenergie.nl
*.dynamicsconnector.net
*.dynamicsconnector.nl
*.Econocap.dk
*.exarte.be
*.gv-s.be
*.marktanalyseonline.nl
*.marktpotentieanalyse.nl
*.neufaltitudes.com
*.neufaltitudes.fr
*.neufaltitudes.nl
*.ninealtitude.com
*.ninealtitudes.com
*.ninealtitudes.dk
*.ninealtitudes.se
*.optigrator.com
*.optigrator.dk
*.optimate.dk
*.optimateas.com
*.optimatecrm.dk
*.optimatetest.dk
*.Pdmlink.dk
*.pylades.com
*.thewitnetwork.be
*.Thingworx.dk
*.uwmarktonline.nl
*.Windchill.dk
*.xrmpartner.com
*.hillstarsrv.nl
*.hillstar.nl

*.9altitudes.*

Out of scope

Wildcard

All data related to the main 9altitudes domains (.com, .nl, .dk, .fr, .si, and other top-level domains).

*.adultimagroup.*

Wildcard

All data related to the main adultimagroup domains (.com, .nl, .dk, .fr, .si, and other top-level domains).

Severity assessment

This program follows Intigriti's contextual CVSS standard

FAQ

Where can we get credentials for the app?

You can self-register on the application but please don’t forget to use your @intigriti.me address.

All aboard!

Please log in or sign up on the platform

For obvious reasons we can only allow submissions or applications for our program with a valid Intigriti account.

It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.