Security Vulneravility | Sage Sales Management

Responsible Disclosure

We encourage you to contact us if you’ve found a security vulnerability.

Have you found a security vulnerability?

If you think you’ve discovered an issue with Sage Sales Management security measures, please fill the form so that we can address your concern as quickly as possible.

Web domains and applications included on the program

forcemanager.com
app.forcemanager.net
Sage Sales Management for iOS
Sage Sales Management for Android

Types of vulnerabilities that do not qualify

Vulnerabilities on infrastructure not operated by Sage Sales Management
Insecure settings of cookies for non-sensitive cookies
Misconfiguration of OpenSSL
Missing headers for non-sensitive services
Denial of service attacks
Brute forcing
Logout Cross-Site Request Forgery
Exposed login pages

Rules to follow for the Bug to be accepted

Provide necessary informations about all steps to reproduce a vulnerability
Don’t publicly disclose a bug before it has been fixed
Don’t attempt to gain access to other users accounts or data
While performing vulnerability research make sure your to not disrupt our services
Do not perform phishing or social engineering attacks
We’re not cooperating with vulnerability brokers
Do not use automated scanners and do not send reports from such scanners
If in doubt, please contact us on security@forcemanager.com