Reporting a vulnerability
If you have found a vulnerability, please contact us at [email protected].
In order to make the review process smooth and effective, please include all the technical details required to identify and reproduce the issue, as long as your estimation of the impact. The report should normally include:
- Vulnerable host or application name
- Brief description of the issue
- Brief description of the impact (e.g. unauthorized access to user account, privilege escalation, etc.)
- Link to the calculated CVSS v3.0 rating
- Steps to reproduce
- Attack scenario
- Be patient and give us reasonable time to review and fix the issue you have reported. We are committed to fix valid submissions within 90 days or less.
- Do not disclose any vulnerability information in a web service publicly or privately before the fix is confirmed by Intermedia or the report is rejected.
- Do not disclose any vulnerability information in a mobile or desktop application publicly or privately before it is fixed and within 30 days after the fix is confirmed by Intermedia or the report is rejected.
- Do not disclose any sensitive information that may have been accidently obtained during vulnerability research.
Any activities conducted in good faith in a manner consistent with this Program will be considered authorized conduct, and we will not initiate legal action against you for such activities. If legal action is initiated by a third party against you in connection with activities conducted under this Program, we will take steps to make it known that your actions were conducted in compliance with this Program.
Intermedia reserves the right to discontinue or change the terms of this Program at any time without notice. Intermedia further reserves the right of final decision on the interpretation of the terms of this Program.