Bug Bounties

Mendix

Powered by: 

Allows bounty splitting: 

Average time to first program response: 9

Average time to bounty awarded null: 

Average time to report resolved: 199

Handle mendix

Managed program: true

Name: Mendix

Offers bounties: false

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/mendix

Website: https://mendix.com

In scope:

  • Asset identifier: *.mendix.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: # *.mendix.com This is an open-ended program, we want to be better and we welcome your help us get there. ## Observations - Some of the sub-domains are behind sign-up - The CIA impact will vary depending on the explored vulnerabilities.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.timeseries.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.timeseries.nl
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: 3dvis.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: #3dvis.mendixcloud.com 3dviewer production environment
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: 3s.mendixcloud.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://3s.mendixcloud.com
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: alm.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://alm.mendixcloud.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: contributor.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: #contributor.mendixcloud.com This is a frontend application for onboarding flow in Marketplace. ## Endpoints - URL: https://contributor.mendixcloud.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: datalake-sync.apps.mendix.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://datalake-sync.apps.mendix.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: dataprivacy.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://dataprivacy.mendixcloud.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: dealservice.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://dealservice.mendixcloud.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: deskallocation.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://deskallocation.mendixcloud.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: employees.mendix.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://employees.mendix.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: event.us-east-1.sws.siemens.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: # Event Notification Service This one is one of our forthcoming applications and we would like your help to check it out! ## Endpoints - App's URL: https://event.us-east-1.sws.siemens.com/
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: gateway.us-east-1.sws.siemens.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: # Authorization information: Endpoint : gateway.us-east-1.sws.siemens.com - samAccessKeyId : 3491d6d93e82498e828d468ebce592f0 - samSecretAccessKey : gAgnBmdPGnlOtX/I0CoY7aIJVoU95lkJ7DorNXI1SBk=
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://react.vis.pre2.usea1.devops.sws.siemens.com/sample/dist/index.html
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 3dviewer dev/testing environment
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: k8s-licbrk-licenseb-11d216e80e-384217420.eu-central-1.elb.amazonaws.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: license broker url: k8s-licbrk-licenseb-11d216e80e-384217420.eu-central-1.elb.amazonaws.com
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: marketplaceadmin.mendixcloud.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: mxbpconfig.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: # Visualisation Platform This application is used for Mendix Basic Package configuration. ## Endpoints - App's URL: https://mxbpconfig.mendixcloud.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: mxpeople.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://mxpeople.mendixcloud.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: notification.billing.appservices.mendix.com/
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: o0pv3l7chl.execute-api.us-east-1.amazonaws.com/dev
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: # o0pv3l7chl.execute-api.us-east-1.amazonaws.com/dev Please use the following credential when testing this endpoint: - x-api-key (authentication header): ZLHxyM4kfB6jPdoAwDStfJJn8k3zOofawN9VpZy3
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: poh0v3odoi.execute-api.eu-central-1.amazonaws.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: provisioning.servicemanagement.mendix.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: revenuedatahub.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://revenuedatahub.mendixcloud.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: servicemanagement-accp.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: simplate.mendixcloud.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: ## Endpoints - URL: https://simplate.mendixcloud.com
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: slm.store.mendix.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: #slm.appservices.mendix.com AppService Lifecycle service ## Endpoints - URL: https://slm.store.mendix.com
  • Integrity requirements: high
  • Max severity: critical