FIS
- Points – $20,000 per vulnerability
Updates to several FIS targets
Effective immediately, all 'login*.fisglobal.com' (IdP assets) are temporarily out of scope. We will make an announcement when we make updates to our 'out of scope' items.
In addition to the temporary scope removal above, the targets below are OOS permanently, so as to not create negative client impact. Instead, we will provide generic test environments that mirror prod and other OOS testing environments at the end of the list below.
All .olaccess2.com, securitiesinterlink.fisglobal.com/, transferagency.fisglobal.com/, and transferagencystreamservice.fisglobal.com/ inclusive of but not limited to the URLs outlined below are out of scope:
https://abrdynamic.olaccess2.com
https://ahlisanti.olaccess2.com
https://auxierasset.olaccess2.com
https://thebeehivefund.olaccess2.com
https://conversus.olaccess2.com
https://cornercap.olaccess2.com
https://crafund.olaccess2.com
https://crifunds.olaccess2.com
https://ctucc.olaccess2.com
https://dfdentfunds.olaccess2.com
https://greencentury.olaccess2.com
https://merkfund.olaccess2.com
https://mondrian.olaccess2.com
https://pinebridge.olaccess2.com
https://polarisfund.olaccess2.com
https://safeguardfunds.olaccess2.com
https://soundshore.olaccess2.com
https://southernsun.olaccess2.com
https://usfunds.olaccess2.com
https://dupreefunds.olaccess2.com
https://phaeacianpartners.olaccess2.com/
https://stewardfunds.olaccess2.com/
https://bostontrust.olaccess2.com
https://cavanalhill.olaccess2.com
https://victoryfund.olaccess2.com
https://weitzinvestments.olaccess2.com
https://abrahamtrading.olaccess2.com
https://alger.olaccess2.com
https://alternativefundadvisors.olaccess2.com
https://a3.olaccess2.com
https://bcmfocusfunds.olaccess2.com
https://europacificfunds.olaccess2.com
https://fpafunds.olaccess2.com
https://kennedycapital.olaccess2.com
https://leehawaii.olaccess2.com
https://marsicofunds.olaccess2.com
https://oberweis.olaccess2.com
https://payden.olaccess2.com
https://ppmfunds.olaccess2.com
https://theprivatesharesfund.olaccess2.com
https://smead.olaccess2.com
https://variantfunds.olaccess2.com
https://wasatchfunds.olaccess2.com
https://transferagencystreamservice.fisglobal.com
https://transferagency.fisglobal.com
https://staweb-prod.ext.us.bank-dns.com
https://securitiesinterlink.fisglobal.com
Instead, you may use the following test environments, and only these environments as they pertain to these applications:
https://securitiesinterlinktest.fisglobal.com/banco
https://fisdemouat.olaccess2.com/
https://aumam-fundstransferagencytest.fisglobal.com/amgr/
https://aumdlr-fundstransferagencytest.fisglobal.com/dlr/fis/
https://SASTest-FundsTA.fisglobal.com/
https://SASTest-FundsTA-gen3.fisglobal.com/
http://rtc-fundstransferagencytest.fisglobal.com/index.html
http://rtc-fundstransferagencytest-gen3.fisglobal.com/index.html
https://Gen-services-test-FundsTA.fisglobal.com/
https://Gen-services-test-FundsTA-gen3.fisglobal.com/
https://TAARA-UAT.taservices.fisglobal.com
https://gen-portal-fundstransferagencytest.fisglobal.com/esa/sis/
https://gen-portal-fundstransferagencytest-gen3.fisglobal.com/esa/demo
https://sftp.taservices.fisglobal.com
https://gen-portal-fundstransferagencytest.fisglobal.com/bpcm
https://gen-portal-fundstransferagencytest-gen3.fisglobal.com/bpcm
As always, please be sure to review the program brief in detail, and if you have any questions, please reach out support@bugcrowd.com.
Happy Hunting!