Blackbaud Vulnerability Disclosure Program

  • Safe harbor
  • No collaboration

New Targets added and guidelines updated for Blackbaud VDP

Dear Researchers,

We have exciting news from Blackbaud!!!!

There is an update to the [IN SCOPE TARGETS] section on Bugcrowd, as of Tuesday, February 11, 2021. The following domains are added to be in scope for our bug bounty program, going forward.

New sites added to IN-SCOPE:

https://.blackbaudhosting.com/
https://.blackbaud.net/
https://.blackbaudondemand.com/
https://hostnet65.microedge.com/

The above sites cover a multitude of Blackbaud products and offerings under Blackbaud Hosting Services (https://www.blackbaud.com/training-support/support/howto/blackbaud-hosting-services). Blackbaud Hosting Services provides secure, reliable, and accessible solutions for Blackbaud clients looking to host their software off-premise. The applications covered by this offering include The Raiser's Edge®, The Financial Edge™, The Education Edge™, ResearchPoint™, and Blackbaud Student Information System™.

Additions to the Guidelines on Program Brief:

  1. If you are able to find compromised credentials or any other credentials that tie to Blackbaud products/environments/customers/sites, we request that researchers refrain from testing/using the credentials, report them to Blackbaud through the VDP program, and protect the privacy of our customers and data.

  2. Any authentication/authorization bypass vulnerabilities discovered that provide access to the site/products should be disclosed immediately and not be leveraged for further testing.

As always, we appreciate your continued contribution, aiding us to secure our products, information, and customers.

Please review the program brief in detail, and if you have any questions, please feel free to reach out to the Bugcrowd Support Team (support@bugcrowd.com).

Get out there and lay claim to those bugs!
Blackbaud Cyber Security