CM.com / CM.com Intigriti


Target Policy
https://app.intigriti.com/api/core/researcher/programs/cmcom/cmcom
Structured Scope
  Asset Identifier | Asset Type | Max Severity
  • www.cm.com | URL | low
  • api.cm.com | URL | medium
  • login.cm.com | URL | high
  • cm.com/[locale]/app/* | URL | medium
  • cm.com/[locale]/register | URL | medium
  • api.cmtelecom.com | URL | medium

    Some of the applications that are in our scope use our old API.
    If you find a bug on this API and it is from a product that is in scope, it is valid.

  • cm.com/app/messagingtrial/ | URL | low

    An application that makes it possible for developers to do a limited test of sending messages using the CM.COM business messaging API.

    What we would like to know is:
    * Can the application be exploited to allow sending more than the allowed number of messages?
    * Can the app be exploited to send to other recipients besides the whitelisted recipients?

  • *.ticketing.cm.com | URL | medium

    Login to your account and go to https://www.cm.com/en-gb/app/ticketing/
    From here you can create tickets and much more!
    Make sure to take a look at the user-side ticket store as well (https://store.ticketing.cm.com/..)

Target Scope Domains
  • api.cm.com
  • api.cmtelecom.com
  • cm.com
  • login.cm.com
  • ticketing.cm.com
  • www.cm.com
Tech Stack

Last Finished Scan:
  • Fleet: allkxss
  • Duration: 17.65 Minutes
  • Finished: 8 months, 3 weeks ago
  • State: Finished