www.vodafone.com
2600:1f18:16e:df02::1f4  Public Scan

Submitted URL: https://disclosure.automotive.vodafone.com/
Effective URL: https://www.vodafone.com/about-vodafone/how-we-operate/consumer-privacy-and-cyber-security/cyber-security/report-a-vulner...
Submission: On July 30 via automatic, source certstream-suspicious — Scanned from US

Form analysis 0 forms found in the DOM

Text Content


REPORT A VULNERABILITY




REPORTING VULNERABILITIES

We value the expertise and support of the cyber security community in helping us
maintain our high security standards. You can use this site to report any
suspected security vulnerabilities related to our services or products.

If you are aware of a vulnerability that could affect Vodafone’s services or
products, please contact us via the link disclosed under “How to Report a
Vulnerability”. Our security specialists will review all submissions and, where
required, work with you to make sure we are able to fix any potential issues as
quickly as possible.




RULES OF ENGAGEMENT

VULNERABILITY DISCLOSURE POLICY GUIDELINES

As a responsible member of the cyber security community, your expertise can help
us fix potential issues faster and more effectively. If you find a suspected
vulnerability relevant to Vodafone, please let us know so we can fix the problem
as soon as possible.

Finder responsibilities


 * Do submit your reports in English
 * Do exercise caution and restraint with regard to personal data and do not
   intentionally engage in attacks against third parties, social engineering,
   denial-of-service attacks, physical attacks on any Vodafone property or
   spamming or otherwise causing a nuisance to other users.
 * Do provide Proof-of-Concept or sufficient information to enable reproduction
   of the vulnerability, so that it can be verified, reproduced, and possible
   remedies identified. Generally, identification of the vulnerable target, a
   description of the vulnerability and operations carried out to exploit the
   vulnerability are sufficient, but more details and information might be
   required in the case of complex vulnerabilities.
 * Do not abuse the vulnerability by causing disruption through your actions.
 * Do not share information about the vulnerability with others until it has
   been resolved in accordance with the Vodafone Responsible Disclosure policy
   timeframes.
 * Do submit one vulnerability per report, unless you need to chain
   vulnerabilities to provide impact.

Vodafone responsibilities


 * Treat submitted reports confidentially and not share the finder’s personal
   details with third parties without their authorisation, unless required to
   do so to comply with legal obligations.
 * Resolve all submitted reports as quickly as possible.
 * Vodafone do not operate a bug bounty or hall of fame programme.

Non-qualifying vulnerability submissions



When reporting vulnerabilities, please consider (1) attack scenario /
exploitability, and (2) security impact of the bug. The following issues are
considered out of scope:

 * Clickjacking on pages with no sensitive actions
 * Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no
   sensitive actions
 * Attacks requiring MITM or physical access to a user's device.
 * Previously known vulnerable libraries without a working Proof of Concept.
 * Comma Separated Values (CSV) injection without demonstrating a vulnerability.
 * Missing best practices in SSL/TLS configuration.
 * Any activity that could lead to the disruption of our service (DoS).
 * Content spoofing and text injection issues without showing an attack
   vector/without being able to modify HTML/CSS
 * Rate limiting or brute-force issues on non-authentication endpoints
 * Missing best practices in Content Security Policy.
 * Missing HttpOnly or Secure flags on cookies
 * Missing email best practices (Invalid, incomplete or missing SPF/DKIM/DMARC
   records, etc.)
 * Vulnerabilities only affecting users of outdated or unpatched browsers [Less
   than 2 stable versions behind the latest released stable version]
 * Software version disclosure / Banner identification issues / Descriptive
   error messages or headers (e.g. stack traces, application or server errors).
 * Tabnabbing
 * Open redirect - unless an additional security impact can be demonstrated
 * Issues that require unlikely user interaction
 * Static resources / public information "exposed" in storage buckets
 * Physical attacks towards any Vodafone property

Reporting other non-vulnerability issues



If you want to report any other type of issue not related to security, please
refer to the support or contact pages of the relevant Vodafone Local Market,
Vodafone Partner Market or Vodafone Business website.

How to report a vulnerability



Please help us by providing as much information as possible about the problem
you have discovered. If you have not yet done so, please review the rules and
guidelines above before submitting the information here.


©2024 Vodafone Group

Vodafone Group Plc. Registered Office: Vodafone House. The Connection, Newbury,
Berkshire RG14 2FN. Registered in England No 1833679
