Coordinated Vulnerability Disclosure (CVD)

Have you discovered a vulnerability in a Viseca IT system or application and want to report it? Please follow our Coordinated Vulnerability Disclosure process and report it in the form below.

Reporting

To report identified vulnerabilities in a Viseca system, please follow our process and guidelines:

  • Complete the form below including details of your discovery. 
  • Provide as much information as possible to enable the vulnerability to be reproduced. This helps to speed up the process.
  • For more complex vulnerabilities, Viseca might need to communicate directly with you. Please provide at least an email address or phone number.

Guidelines

The discovery and reporting of vulnerabilities can have civil and criminal consequences. The associated risks can be reduced if you follow these rules:

  • Do not discuss the security vulnerability you have discovered with anyone other than Viseca during the coordinated disclosure process.
  • Once you have reported a vulnerability, do not repeatedly interact with the affected system during the coordinated disclosure process.
  • Do not leverage vulnerabilities to download, modify or delete any data beyond the minimum necessary actions to provide a proof of concept.
  • Do not attempt to elevate privileges, or explore a system beyond the minimum necessary to provide a proof of concept.
  • Do not exfiltrate other users’ data; use only your own account(s) for testing.
  • Do not attempt to gain access to a system using brute force or social engineering techniques.
  • Do not use denial of service attacks.
  • Do not install malware or viruses.
  • When possible, specify in your report which IP addresses you were using when you discovered the vulnerability. This will help to assess potential exploitation and to reduce false positive alerts.
  • Communicate your intentions to Viseca if you plan to disclose your findings publicly (advisory, conference talk, article, etc.).

What you can expect from our CVD program:

  • If a vulnerability affecting a Viseca system is submitted in compliance with the rules specified above and the reporter acts in good faith, without fraudulent intent or intention to harm, Viseca will not pursue civil or criminal action against you.
  • You can choose to send your vulnerability reports anonymously to Viseca.
  • Viseca will treat reports as confidential and will not share the personal data of the reporting parties or receiving organisation without their respective consent.
  • Provided you have given your consent, we will credit you by name as the reporter of a vulnerability.
  • You will receive an acknowledgement of receipt within 3 business days of disclosing the issue.
  • Whenever possible, Viseca will keep the reporting party informed of developments and the remedy for the vulnerability.
  • Currently, the Viseca CVD program does not offer any recompense to reporters.

Report vulnerability

Vulnerability

Brief description of the vulnerability.
Severity level of the vulnerability; see https://www.first.org/cvss/calculator/3.0.
Describe your observation in as much detail as possible to help us reproduce the problem.
Describe the impact of the vulnerability. What is affected, if the vulnerability is exploited?
If available, a mitigation approach can be described here.
Max. file size: 15 MB.
Please use ASCII text (for example Markdown), PDF or PNG files for the documentation.

    Personal Information