Did you find a vulnerability on anaplan.com? Use these guidelines and instructions to report the vulnerability to us. 

We take security seriously and will thoroughly investigate your report.

In-scope: *.anaplan.com

Out of scope:

• community.anaplan.com

• usergroups.anaplan.com

• third-party domains

   

Guidelines

This page is only for responsible disclosures.

• Please notify us as soon as possible after finding a vulnerability on anaplan.com.

• Provide the technical details, steps to exploit, and a proof of concept, if available.

• Don’t exploit vulnerabilities that will cause a service disruption or social engineer or phish our employees to prove out the vulnerability.

• Avoid privacy violations. If an exploited vulnerability results in access to personally identifying or confidential information, don’t transfer, alter, or destroy it.

• Refrain from publicly disclosing the vulnerability before it’s fixed.
• We do not provide bounties at this time

Out-of-scope vulnerabilities

We won’t consider these submissions:

• Vulnerabilities from scanners and tools

• Issues related to HTTP headers

• Error messages that don’t include sensitive information

• Issues related to SSL/TLS configurations

• Clickjacking on static web pages

• Use of outdated software and libraries

Report a vulnerability

Email us with the full details and a proof of concept at: disclosures@anaplan.com.