Reporting a cyber security issue

To improve the protection of its information and communication technologies (ICT) systems and assets, UN Women encourages the public to assist with its efforts by disclosing vulnerabilities in UN Women’s publicly accessible information systems and assets as well as reporting cyber security issues.

What to report | Reporting policy | Information Security Hall of Fame

What to report to UN Women

The public is invited to report cyber security issues, incidents, and details of vulnerabilities associated with publicly accessible UN Women ICT systems, including websites.

Reporting policy

UN Women will accept disclosures of vulnerabilities and cyber security issues and incidents under the following conditions:

  • The vulnerability and/or cyber security issue or incident has not already been publicly disclosed.
  • The vulnerability and/or cyber security issue or incident should be reported to UN Women as quickly as possible after its discovery.
  • The findings must remain confidential for at least 90 days following the date the vulnerability or cyber security issue or incident was reported to UN Women or until public disclosure of the vulnerability has been made on this website.
  • The severity of a vulnerability finding is assessed by UN Women at its own discretion.
  • The name and contact information of the reporter may be disclosed to affected technology vendor(s) unless otherwise requested by the reporter.
  • UN Women reserves the right to accept or reject any security vulnerability or cyber security issue or incident disclosure report at its discretion.

If you believe you have found a vulnerability or issue and would like to report it, we ask that you submit a detailed description of the issue to us, including the steps that we can take to reproduce the issue and/or a proof-of-concept. As much information as possible regarding the finding should be communicated to UN Women to enable the organization to reproduce and verify the vulnerability, issue or incident, in order to implement appropriate remediation actions.

Once you submit a report to UN Women, please allow the information security team a reasonable amount of time to respond to your report and correct the issue.

If more information is required regarding a reported finding, UN Women may contact the reporter; therefore, it is important to provide valid contact details, including email address and/or telephone number.

If the conditions listed above are satisfied, UN Women will verify the existence of the vulnerability, notify affected parties, and implement actions to mitigate the vulnerability.

Once the vulnerability has been removed, the reporter will be acknowledged and listed on this page (unless s/he wishes to remain anonymous) along with a short description of the vulnerability or issue reported.

By reporting vulnerability findings to UN Women, the reporter acknowledges that such reporting is provided pro bono and without expectation of financial or other compensation. The reporter also affirms that neither s/he nor any entity that s/he represents is complicit in human rights abuses, tolerates forced or compulsory labour or uses child labour, is involved in the sale or manufacture of anti-personnel mines or their components, or does not meet the purposes and principles of the United Nations.

Submit a report ►

UN Women Information Security Hall of Fame

UN Women is grateful to the following individuals and organizations that have helped UN Women to improve the security of the organization’s information systems, data, and ICT resources by reporting security issues and vulnerabilities discovered.  

2022

   Reporter    Issue
Biswajeet Ray Clickjacking vulnerability
Virendra Yadav Security misconfiguration
2021
   Reporter    Issue
Abdeali Cybersecurity vulnerability
Abdurrahman Nazim Cybersecurity vulnerability
Ashik Kunjumon Cybersecurity vulnerability
Ayushi Poreddiwar Cybersecurity vulnerability
Bertrand Stivalet Cybersecurity vulnerability
Bertrand Stivalet Cybersecurity vulnerability
Dilipkumar Dubey Cybersecurity vulnerability
Galih Ramadhan Yusanto Cybersecurity vulnerability
Gaurav Kumar Cybersecurity vulnerability
Jacob Riggs Cybersecurity vulnerability
Kabeer Saxena Cybersecurity vulnerability
Mohd.Danish Abid Cybersecurity vulnerability
Naman Shah Cybersecurity vulnerability
Nayeem Islam Cybersecurity vulnerability
Paras Arora Cybersecurity vulnerability
Parth Shukla Cybersecurity vulnerability
Parth Shukla Cybersecurity vulnerability
Prajit Sindhkar (SAPT) Cybersecurity vulnerability
Santosh Bobade Cybersecurity vulnerability
Steven Hampton Cybersecurity vulnerability
Vishal Pathak Cybersecurity vulnerability
Expand
close
2020
   Reporter    Issue
Abhi Chitkara Cybersecurity vulnerability
Aditya Soni Cybersecurity vulnerability
Aditya Soni Cybersecurity vulnerability
Ahmed Adel Abdelfattah Cybersecurity vulnerability
Avishek Nayal Cybersecurity vulnerability
Eshan Singh Cybersecurity vulnerability
Gourab Sadhukhan Cybersecurity vulnerability
Geethu Sivakumar Cybersecurity vulnerability
Hsu Myat Noe Cybersecurity vulnerability
Ismail Tasdelen Cybersecurity vulnerability
Laxman Rokade Cybersecurity vulnerability
Manish Kumar Cybersecurity vulnerability
Mehmet Can GÜNEŞ Cybersecurity vulnerability
Miguel Santareno Cybersecurity vulnerability
Mohammad Abdullah Cybersecurity vulnerability
Mohammad Abdullah Cybersecurity vulnerability
Mohsin Khan Cybersecurity vulnerability
Nayanjyoti Roy Cybersecurity vulnerability
Noth(沈彧璿) Cybersecurity vulnerability
Paras Arora Cybersecurity vulnerability
Pardon Mukoyi Cybersecurity vulnerability
Prakash Kumar P. Cybersecurity vulnerability
Pratik Khalane Cybersecurity vulnerability
Pritam Mukherjee Cybersecurity vulnerability
Pritam Mukherjee Cybersecurity vulnerability
Purbasha ghosh Cybersecurity vulnerability
Rohi Kumar Cybersecurity vulnerability
Sagar Banwa Cybersecurity vulnerability
Sanjeet Mishra Cybersecurity vulnerability
SecurityMate Cybersecurity vulnerability
Simone La Porta Cybersecurity vulnerability
Sourajeet Majumder Cybersecurity vulnerability
Srinivas M Cybersecurity vulnerability
Subramanian Ramakrishnan Cybersecurity vulnerability
SWETHA SRIDEVI N Cybersecurity vulnerability
Tijo Davis Cybersecurity vulnerability
Venkatesh Boga Cybersecurity vulnerability
Wai Yan Aung Cybersecurity vulnerability
Yogeshwaran Chandrasekaran Cybersecurity vulnerability
Expand
close
2019
   Reporter    Issue
Agrah Jain Cybersecurity vulnerability
Agrah Jain Cybersecurity vulnerability
Akash.H.C (bughunter) Cybersecurity vulnerability
Alfie Njeru (@emenalf) Cybersecurity vulnerability
Ambadi MP Cybersecurity vulnerability
Ambadi MP Cybersecurity vulnerability
Ambadi MP Cybersecurity vulnerability
Anurag Mewar Cybersecurity vulnerability
Anurag Mewar Cybersecurity vulnerability
Arcot Manju Cybersecurity vulnerability
Athul Jayaram Cybersecurity vulnerability
Avishek Nayal Cybersecurity vulnerability
Ayan Saha Cybersecurity vulnerability
Ayan Saha Cybersecurity vulnerability
Ayan Saha Cybersecurity vulnerability
Ayan Saha Cybersecurity vulnerability
Ayan Saha Cybersecurity vulnerability
Ayan Saha Cybersecurity vulnerability
Ayan Saha Cybersecurity vulnerability
Ayush Pokhrel Cybersecurity vulnerability
Balamuralidharan M (Cor3min3r) Cybersecurity vulnerability
Balamuralidharan M (Cor3min3r) Cybersecurity vulnerability
Balamuralidharan M (Cor3min3r) Cybersecurity vulnerability
Chevon Phillip Cybersecurity vulnerability
Chevon Phillip Cybersecurity vulnerability
Chitranshu Jain Cybersecurity vulnerability
CYBQ Cybersecurity vulnerability
Eminence Ways PVT. LTD. Cybersecurity vulnerability
Eshan Singh Cybersecurity vulnerability
Eshan Singh Cybersecurity vulnerability
Ismail Tasdelen Cybersecurity vulnerability
Janmejaya Swain Cybersecurity vulnerability
Janmejaya Swain Cybersecurity vulnerability
Janmejaya Swain Cybersecurity vulnerability
Jeetu Rajput Cybersecurity vulnerability
Juveria Banu Cybersecurity vulnerability
Juveria Banu Cybersecurity vulnerability
Kishore Hariram Cybersecurity vulnerability
Kishore Hariram Cybersecurity vulnerability
Lütfü Mert Ceylan Cybersecurity vulnerability
Madhumohan Ramkumar Cybersecurity vulnerability
Madhumohan Ramkumar Cybersecurity vulnerability
Mahadev Gavas Cybersecurity vulnerability
Md. Asif Hossain Cybersecurity vulnerability
Mehul Bharat Lunagariya Cybersecurity vulnerability
Mehul Bharat Lunagariya Cybersecurity vulnerability
Mohamed Abogwila Cybersecurity vulnerability
Mohammed Adam Cybersecurity vulnerability
Mohsin Khan Cybersecurity vulnerability
N. Karthik Cybersecurity vulnerability
Nishant Lungare Cybersecurity vulnerability
Omur Ugur Cybersecurity vulnerability
Pankaj Kumar Thakur Cybersecurity vulnerability
Pethuraj M Cybersecurity vulnerability
Prakash Kumar P. Cybersecurity vulnerability
Pranil Kulkarni Cybersecurity vulnerability
Prasad Panchbhai Cybersecurity vulnerability
Pritam Singh Cybersecurity vulnerability
Rahad Chowdhury Cybersecurity vulnerability
Rajesh Ranjan Cybersecurity vulnerability
Rajesh Ranjan Cybersecurity vulnerability
Rajesh Ranjan Cybersecurity vulnerability
Ratna Khare Cybersecurity vulnerability
Ratna Khare Cybersecurity vulnerability
Riddhi Suryavanshi Cybersecurity vulnerability
Rohit Soni Cybersecurity vulnerability
Rohit Soni Cybersecurity vulnerability
Sarthak Goyal Cybersecurity vulnerability
Sarthak Goyal Cybersecurity vulnerability
Saurabh Kumar Pandey Cybersecurity vulnerability
Shailesh Kumar Cybersecurity vulnerability
Shaurya Sharma Cybersecurity vulnerability
Shivam Pravin Khambe Cybersecurity vulnerability
Shrimant Subhash More Cybersecurity vulnerability
Sibivasan M Cybersecurity vulnerability
Steeven George Cybersecurity vulnerability
Subhamoy Guha Cybersecurity vulnerability
Sunil Singh Cybersecurity vulnerability
Sunil Singh Cybersecurity vulnerability
Tushar Vaidya Cybersecurity vulnerability
Tushar Vaidya Cybersecurity vulnerability
Tushar Vaidya Cybersecurity vulnerability
Tushar Vaidya Cybersecurity vulnerability
Tushar Vaidya Cybersecurity vulnerability
Venktesh Chandrikapure Cybersecurity vulnerability
Vikas Srivastava Cybersecurity vulnerability
Vivek Nathe Cybersecurity vulnerability
Vivek Panday Cybersecurity vulnerability
Wai Yan Aung Cybersecurity vulnerability
Expand
close