
Read the new Forrester report: The Total Economic Impact™ of Anaplan
Third-party research findings uncover a 303% ROI over a 3-year period across a composite of multiple customers
Did you find a vulnerability on anaplan.com? Use these guidelines and instructions to report the vulnerability to us.
We take security seriously and will thoroughly investigate your report.
In-scope: *.anaplan.com
Out of scope:
community.anaplan.com
usergroups.anaplan.com
third-party domains
This page is only for responsible disclosures.
Please notify us as soon as possible after finding a vulnerability on anaplan.com.
Provide the technical details, steps to exploit, and a proof of concept, if available.
Don’t exploit vulnerabilities that will cause a service disruption or social engineer or phish our employees to prove out the vulnerability.
Avoid privacy violations. If an exploited vulnerability results in access to personally identifying or confidential information, don’t transfer, alter, or destroy it.
We won’t consider these submissions:
Vulnerabilities from scanners and tools
Issues related to HTTP headers
Error messages that don’t include sensitive information
Issues related to SSL/TLS configurations
Clickjacking on static web pages
Use of outdated software and libraries
Email us with the full details and a proof of concept at: disclosures@anaplan.com.