Responsible Disclosure

CATALYST SERVICE PRIVATE LIMITED is committed to protecting its customers' data and privacy. We also recognize the important role that security researchers play in helping us keep our systems secure. We therefore invite security researchers to responsibly disclose potential security vulnerabilities in our systems.

If you believe you have found a security vulnerability in the CATALYST SERVICE PRIVATE LIMITED systems, please contact us at support@cerealswale.com. We will investigate any reported vulnerability and take appropriate steps to address the issue. We are committed to working with security researchers to ensure any vulnerability is properly resolved. Thank you in advance for your help in keeping our customers' data and privacy secure.


Reporting Guidelines

Please provide the following details in your report:

  1. A description of the vulnerability and its potential impact;
  2. A detailed description of the steps required to reproduce the vulnerability;
  3. Where available, a video Proof of Concept (POC).
  4. Email your report to support@cerealswale.com.

Note: Only vulnerabilities deemed exploitable will be considered for a reward. The determination of exploitability and the acceptance of reported vulnerabilities lie solely at the discretion of the CATALYST SERVICE PRIVATE LIMITED Security Team.


Policy

We ask that:

  1. Security researchers must not violate the privacy of our customers or disrupt the availability of our services.
  2. Security researchers must conduct their activities in compliance with all applicable laws.
  3. Security researchers are encouraged to disclose potential security vulnerabilities in a responsible manner and provide sufficient details to allow CATALYST SERVICE PRIVATE LIMITED to reproduce and resolve the issue.
  4. Security researchers must not publicly disclose any potential security vulnerabilities until CATALYST SERVICE PRIVATE LIMITED has been given a reasonable amount of time to respond and remediate the issue.
  5. Security researchers must not access or use any CATALYST SERVICE PRIVATE LIMITED customer data without permission.
  6. Security researchers should not attempt to exploit a vulnerability or access any company systems without permission.
  7. Security researchers should not attempt to reverse engineer any company code or systems without permission.
  8. Security researchers must not modify any data.
  9. Issues identified via the Nuclei tool are already known to us; please do not report issues found using the Nuclei tool.
  10. Only high-severity exploitable issues are eligible for the Hall of Fame.