| Reporter | Issue |
|---|---|
| Biswajeet Ray | Clickjacking vulnerability |
| Virendra Yadav | Security misconfiguration |
Reporting a cyber security issue
To improve the protection of its information and communication technologies (ICT) systems and assets, UN Women encourages the public to assist with its efforts by disclosing vulnerabilities in UN Women’s publicly accessible information systems and assets as well as reporting cyber security issues.
What to report | Reporting policy | Information Security Hall of Fame
What to report to UN Women
The public is invited to report cyber security issues, incidents, and details of vulnerabilities associated with publicly accessible UN Women ICT systems, including websites.
Reporting policy
UN Women will accept disclosures of vulnerabilities and cyber security issues and incidents under the following conditions:
- The vulnerability and/or cyber security issue or incident has not already been publicly disclosed.
- The vulnerability and/or cyber security issue or incident should be reported to UN Women as quickly as possible after its discovery.
- The findings must remain confidential for at least 90 days following the date the vulnerability or cyber security issue or incident was reported to UN Women or until public disclosure of the vulnerability has been made on this website.
- The severity of a vulnerability finding is assessed by UN Women at its own discretion.
- The name and contact information of the reporter may be disclosed to affected technology vendor(s) unless otherwise requested by the reporter.
- UN Women reserves the right to accept or reject any security vulnerability or cyber security issue or incident disclosure report at its discretion.
If you believe you have found a vulnerability or issue and would like to report it, we ask that you submit a detailed description of the issue to us, including the steps that we can take to reproduce the issue and/or a proof-of-concept. As much information as possible regarding the finding should be communicated to UN Women to enable the organization to reproduce and verify the vulnerability, issue or incident, in order to implement appropriate remediation actions.
Once you submit a report to UN Women, please allow the information security team a reasonable amount of time to respond to your report and correct the issue.
If more information is required regarding a reported finding, UN Women may contact the reporter; therefore, it is important to provide valid contact details, including email address and/or telephone number.
If the conditions listed above are satisfied, UN Women will verify the existence of the vulnerability, notify affected parties, and implement actions to mitigate the vulnerability.
Once the vulnerability has been removed, the reporter will be acknowledged and listed on this page (unless s/he wishes to remain anonymous) along with a short description of the vulnerability or issue reported.
By reporting vulnerability findings to UN Women, the reporter acknowledges that such reporting is provided pro bono and without expectation of financial or other compensation. The reporter also affirms that neither s/he nor any entity that s/he represents is complicit in human rights abuses, tolerates forced or compulsory labour or uses child labour, is involved in the sale or manufacture of anti-personnel mines or their components, or does not meet the purposes and principles of the United Nations.
UN Women Information Security Hall of Fame
UN Women is grateful to the following individuals and organizations that have helped UN Women to improve the security of the organization’s information systems, data, and ICT resources by reporting security issues and vulnerabilities discovered.
2023
| Reporter | Issue |
|---|---|
| S.M Akees | Broken Link Hijacking |
| Virendra Yadav | Security misconfiguration |
2022
Expand
close
2021
| Reporter | Issue |
|---|---|
| Abdeali | Cybersecurity vulnerability |
| Abdurrahman Nazim | Cybersecurity vulnerability |
| Ashik Kunjumon | Cybersecurity vulnerability |
| Ayushi Poreddiwar | Cybersecurity vulnerability |
| Bertrand Stivalet | Cybersecurity vulnerability |
| Bertrand Stivalet | Cybersecurity vulnerability |
| Dilipkumar Dubey | Cybersecurity vulnerability |
| Galih Ramadhan Yusanto | Cybersecurity vulnerability |
| Gaurav Kumar | Cybersecurity vulnerability |
| Jacob Riggs | Cybersecurity vulnerability |
| Kabeer Saxena | Cybersecurity vulnerability |
| Mohd.Danish Abid | Cybersecurity vulnerability |
| Naman Shah | Cybersecurity vulnerability |
| Nayeem Islam | Cybersecurity vulnerability |
| Paras Arora | Cybersecurity vulnerability |
| Parth Shukla | Cybersecurity vulnerability |
| Parth Shukla | Cybersecurity vulnerability |
| Prajit Sindhkar (SAPT) | Cybersecurity vulnerability |
| Santosh Bobade | Cybersecurity vulnerability |
| Steven Hampton | Cybersecurity vulnerability |
| Vishal Pathak | Cybersecurity vulnerability |
Expand
close
2020
| Reporter | Issue |
|---|---|
| Abhi Chitkara | Cybersecurity vulnerability |
| Aditya Soni | Cybersecurity vulnerability |
| Aditya Soni | Cybersecurity vulnerability |
| Ahmed Adel Abdelfattah | Cybersecurity vulnerability |
| Avishek Nayal | Cybersecurity vulnerability |
| Eshan Singh | Cybersecurity vulnerability |
| Gourab Sadhukhan | Cybersecurity vulnerability |
| Geethu Sivakumar | Cybersecurity vulnerability |
| Hsu Myat Noe | Cybersecurity vulnerability |
| Ismail Tasdelen | Cybersecurity vulnerability |
| Laxman Rokade | Cybersecurity vulnerability |
| Manish Kumar | Cybersecurity vulnerability |
| Mehmet Can GÜNEŞ | Cybersecurity vulnerability |
| Miguel Santareno | Cybersecurity vulnerability |
| Mohammad Abdullah | Cybersecurity vulnerability |
| Mohammad Abdullah | Cybersecurity vulnerability |
| Mohsin Khan | Cybersecurity vulnerability |
| Nayanjyoti Roy | Cybersecurity vulnerability |
| Noth(沈彧璿) | Cybersecurity vulnerability |
| Paras Arora | Cybersecurity vulnerability |
| Pardon Mukoyi | Cybersecurity vulnerability |
| Prakash Kumar P. | Cybersecurity vulnerability |
| Pratik Khalane | Cybersecurity vulnerability |
| Pritam Mukherjee | Cybersecurity vulnerability |
| Pritam Mukherjee | Cybersecurity vulnerability |
| Purbasha ghosh | Cybersecurity vulnerability |
| Rohi Kumar | Cybersecurity vulnerability |
| Sagar Banwa | Cybersecurity vulnerability |
| Sanjeet Mishra | Cybersecurity vulnerability |
| SecurityMate | Cybersecurity vulnerability |
| Simone La Porta | Cybersecurity vulnerability |
| Sourajeet Majumder | Cybersecurity vulnerability |
| Srinivas M | Cybersecurity vulnerability |
| Subramanian Ramakrishnan | Cybersecurity vulnerability |
| SWETHA SRIDEVI N | Cybersecurity vulnerability |
| Tijo Davis | Cybersecurity vulnerability |
| Venkatesh Boga | Cybersecurity vulnerability |
| Wai Yan Aung | Cybersecurity vulnerability |
| Yogeshwaran Chandrasekaran | Cybersecurity vulnerability |
Expand
close
2019
| Reporter | Issue |
|---|---|
| Agrah Jain | Cybersecurity vulnerability |
| Agrah Jain | Cybersecurity vulnerability |
| Akash.H.C (bughunter) | Cybersecurity vulnerability |
| Alfie Njeru (@emenalf) | Cybersecurity vulnerability |
| Ambadi MP | Cybersecurity vulnerability |
| Ambadi MP | Cybersecurity vulnerability |
| Ambadi MP | Cybersecurity vulnerability |
| Anurag Mewar | Cybersecurity vulnerability |
| Anurag Mewar | Cybersecurity vulnerability |
| Arcot Manju | Cybersecurity vulnerability |
| Athul Jayaram | Cybersecurity vulnerability |
| Avishek Nayal | Cybersecurity vulnerability |
| Ayan Saha | Cybersecurity vulnerability |
| Ayan Saha | Cybersecurity vulnerability |
| Ayan Saha | Cybersecurity vulnerability |
| Ayan Saha | Cybersecurity vulnerability |
| Ayan Saha | Cybersecurity vulnerability |
| Ayan Saha | Cybersecurity vulnerability |
| Ayan Saha | Cybersecurity vulnerability |
| Ayush Pokhrel | Cybersecurity vulnerability |
| Balamuralidharan M (Cor3min3r) | Cybersecurity vulnerability |
| Balamuralidharan M (Cor3min3r) | Cybersecurity vulnerability |
| Balamuralidharan M (Cor3min3r) | Cybersecurity vulnerability |
| Chevon Phillip | Cybersecurity vulnerability |
| Chevon Phillip | Cybersecurity vulnerability |
| Chitranshu Jain | Cybersecurity vulnerability |
| CYBQ | Cybersecurity vulnerability |
| Eminence Ways PVT. LTD. | Cybersecurity vulnerability |
| Eshan Singh | Cybersecurity vulnerability |
| Eshan Singh | Cybersecurity vulnerability |
| Ismail Tasdelen | Cybersecurity vulnerability |
| Janmejaya Swain | Cybersecurity vulnerability |
| Janmejaya Swain | Cybersecurity vulnerability |
| Janmejaya Swain | Cybersecurity vulnerability |
| Jeetu Rajput | Cybersecurity vulnerability |
| Juveria Banu | Cybersecurity vulnerability |
| Juveria Banu | Cybersecurity vulnerability |
| Kishore Hariram | Cybersecurity vulnerability |
| Kishore Hariram | Cybersecurity vulnerability |
| Lütfü Mert Ceylan | Cybersecurity vulnerability |
| Madhumohan Ramkumar | Cybersecurity vulnerability |
| Madhumohan Ramkumar | Cybersecurity vulnerability |
| Mahadev Gavas | Cybersecurity vulnerability |
| Md. Asif Hossain | Cybersecurity vulnerability |
| Mehul Bharat Lunagariya | Cybersecurity vulnerability |
| Mehul Bharat Lunagariya | Cybersecurity vulnerability |
| Mohamed Abogwila | Cybersecurity vulnerability |
| Mohammed Adam | Cybersecurity vulnerability |
| Mohsin Khan | Cybersecurity vulnerability |
| N. Karthik | Cybersecurity vulnerability |
| Nishant Lungare | Cybersecurity vulnerability |
| Omur Ugur | Cybersecurity vulnerability |
| Pankaj Kumar Thakur | Cybersecurity vulnerability |
| Pethuraj M | Cybersecurity vulnerability |
| Prakash Kumar P. | Cybersecurity vulnerability |
| Pranil Kulkarni | Cybersecurity vulnerability |
| Prasad Panchbhai | Cybersecurity vulnerability |
| Pritam Singh | Cybersecurity vulnerability |
| Rahad Chowdhury | Cybersecurity vulnerability |
| Rajesh Ranjan | Cybersecurity vulnerability |
| Rajesh Ranjan | Cybersecurity vulnerability |
| Rajesh Ranjan | Cybersecurity vulnerability |
| Ratna Khare | Cybersecurity vulnerability |
| Ratna Khare | Cybersecurity vulnerability |
| Riddhi Suryavanshi | Cybersecurity vulnerability |
| Rohit Soni | Cybersecurity vulnerability |
| Rohit Soni | Cybersecurity vulnerability |
| Sarthak Goyal | Cybersecurity vulnerability |
| Sarthak Goyal | Cybersecurity vulnerability |
| Saurabh Kumar Pandey | Cybersecurity vulnerability |
| Shailesh Kumar | Cybersecurity vulnerability |
| Shaurya Sharma | Cybersecurity vulnerability |
| Shivam Pravin Khambe | Cybersecurity vulnerability |
| Shrimant Subhash More | Cybersecurity vulnerability |
| Sibivasan M | Cybersecurity vulnerability |
| Steeven George | Cybersecurity vulnerability |
| Subhamoy Guha | Cybersecurity vulnerability |
| Sunil Singh | Cybersecurity vulnerability |
| Sunil Singh | Cybersecurity vulnerability |
| Tushar Vaidya | Cybersecurity vulnerability |
| Tushar Vaidya | Cybersecurity vulnerability |
| Tushar Vaidya | Cybersecurity vulnerability |
| Tushar Vaidya | Cybersecurity vulnerability |
| Tushar Vaidya | Cybersecurity vulnerability |
| Venktesh Chandrikapure | Cybersecurity vulnerability |
| Vikas Srivastava | Cybersecurity vulnerability |
| Vivek Nathe | Cybersecurity vulnerability |
| Vivek Panday | Cybersecurity vulnerability |
| Wai Yan Aung | Cybersecurity vulnerability |
Expand
close
Latest news
21/09/2024