FIS

Advancing the ways the world pays, banks and invests.

  • Points – $20,000 per vulnerability
  • Safe harbor
Submit report

Updates to several FIS targets

Effective immediately, all 'login*.fisglobal.com' (IdP assets) are temporarily out of scope. We will make an announcement when we make updates to our 'out of scope' items.

In addition to the temporary scope removal above, the targets below are OOS permanently, so as to not create negative client impact. Instead, we will provide generic test environments that mirror prod and other OOS testing environments at the end of the list below.

All .olaccess2.com, securitiesinterlink.fisglobal.com/, transferagency.fisglobal.com/, and transferagencystreamservice.fisglobal.com/ inclusive of but not limited to the URLs outlined below are out of scope:

https://abrdynamic.olaccess2.com
https://ahlisanti.olaccess2.com
https://auxierasset.olaccess2.com
https://thebeehivefund.olaccess2.com
https://conversus.olaccess2.com
https://cornercap.olaccess2.com
https://crafund.olaccess2.com
https://crifunds.olaccess2.com
https://ctucc.olaccess2.com
https://dfdentfunds.olaccess2.com
https://greencentury.olaccess2.com
https://merkfund.olaccess2.com
https://mondrian.olaccess2.com
https://pinebridge.olaccess2.com
https://polarisfund.olaccess2.com
https://safeguardfunds.olaccess2.com
https://soundshore.olaccess2.com
https://southernsun.olaccess2.com
https://usfunds.olaccess2.com
https://dupreefunds.olaccess2.com
https://phaeacianpartners.olaccess2.com/
https://stewardfunds.olaccess2.com/
https://bostontrust.olaccess2.com
https://cavanalhill.olaccess2.com
https://victoryfund.olaccess2.com
https://weitzinvestments.olaccess2.com
https://abrahamtrading.olaccess2.com
https://alger.olaccess2.com
https://alternativefundadvisors.olaccess2.com
https://a3.olaccess2.com
https://bcmfocusfunds.olaccess2.com
https://europacificfunds.olaccess2.com
https://fpafunds.olaccess2.com
https://kennedycapital.olaccess2.com
https://leehawaii.olaccess2.com
https://marsicofunds.olaccess2.com
https://oberweis.olaccess2.com
https://payden.olaccess2.com
https://ppmfunds.olaccess2.com
https://theprivatesharesfund.olaccess2.com
https://smead.olaccess2.com
https://variantfunds.olaccess2.com
https://wasatchfunds.olaccess2.com
https://transferagencystreamservice.fisglobal.com
https://transferagency.fisglobal.com
https://staweb-prod.ext.us.bank-dns.com
https://securitiesinterlink.fisglobal.com

Instead, you may use the following test environments, and only these environments as they pertain to these applications:

https://securitiesinterlinktest.fisglobal.com/banco
https://fisdemouat.olaccess2.com/
https://aumam-fundstransferagencytest.fisglobal.com/amgr/
https://aumdlr-fundstransferagencytest.fisglobal.com/dlr/fis/
https://SASTest-FundsTA.fisglobal.com/
https://SASTest-FundsTA-gen3.fisglobal.com/
http://rtc-fundstransferagencytest.fisglobal.com/index.html
http://rtc-fundstransferagencytest-gen3.fisglobal.com/index.html
https://Gen-services-test-FundsTA.fisglobal.com/
https://Gen-services-test-FundsTA-gen3.fisglobal.com/
https://TAARA-UAT.taservices.fisglobal.com
https://gen-portal-fundstransferagencytest.fisglobal.com/esa/sis/
https://gen-portal-fundstransferagencytest-gen3.fisglobal.com/esa/demo
https://sftp.taservices.fisglobal.com
https://gen-portal-fundstransferagencytest.fisglobal.com/bpcm
https://gen-portal-fundstransferagencytest-gen3.fisglobal.com/bpcm

As always, please be sure to review the program brief in detail, and if you have any questions, please reach out support@bugcrowd.com.

Happy Hunting!

FIS_EL
FIS_EL