UOB Indonesia VDP

icon car
 

Report a Vulnerability or a Security Issue

Vulnerability Disclosure Programme (“VDP”)

The security and confidentiality of our customers' data, and the reliability and integrity of our systems, products, and services, are top priorities for UOB. We recognise that vulnerabilities or errors may occasionally arise, which is why UOB has introduced this VDP to address potential risks proactively.

Terms of reporting

We encourage customers, users, researchers, partners, and individuals interacting with our services to report potential, suspected, or identified vulnerabilities responsibly.

The following terms provides the guidelines for the responsible and direct submission of vulnerability reports to UOB, and applies to any security vulnerabilities, weaknesses or errors identified in UOB's products, services, applications, processes and/or online platforms.

By voluntarily submitting a vulnerability report to UOB, you confirm and agree that:

  • You will not exploit the identified vulnerabilities or attempt to gain unauthorised access to our systems and data
  • You will not disclose the vulnerability details, as well as the fact that you submitted a report to UOB, to third parties, or publicly
  • Your report is made in good faith, with no expectation of financial incentive of any kind, or other rewards
  • You assign all use and ownership rights of the reported vulnerability to UOB
Notwithstanding, the following activities are prohibited:
  • Exploit vulnerabilities or errors for personal gain
  • Disclose or using any proprietary or confidential UOB information or data
  • Engage in social engineering, phishing, spamming, denial-of-service, or resource-exhaustion attacks
  • Test physical security measures or attempting unauthorised access to systems not covered by this VDP
  • Violate any applicable laws in the course of discovering and reporting vulnerabilities

UOB will not be liable for any expense, damage, or loss of any kind which you may incur, whether directly or indirectly, as a result of the reported vulnerability. UOB’s acceptance of a vulnerability report does not constitute a waiver of any rights or claims for non-compliance with this VDP or applicable laws.

Confidentiality and Personal Data

We treat vulnerability reports with the utmost confidentiality.

By submitting your contact information and details, you consent to the collection, disclosure and processing of your personal data and your report for the following purposes, where applicable:

  • communicating with you regarding the reported vulnerability;
  • verifying your identity and establishing the legitimacy of the reported vulnerability;
  • assessing and remediating the reported vulnerability;
  • performing analytics and research to enhance our cybersecurity resilience and capabilities;
  • improving our systems and processes;
  • auditing, managing risk, staff training and internal reporting;
  • preventing, detecting and investigating criminal offences;
  • complying with legal or regulatory obligations, including requests from regulatory and cybersecurity authorities; and reporting to relevant authorities;
  • legal purposes and proceedings (including but not limited to protection of UOB Group’s rights and interests, obtaining legal advice and facilitating dispute resolution); and
  • any other reasonable purpose related to the above.

We may disclose your personal data, information, and findings to related third parties, UOB Group in Singapore, and any related UOB Group’s entities wherever they are located to carry out the purposes above. You may withdraw your consent for any or all of the purposes mentioned above in writing by completing this form and emailing it to idisvulnerabilitymanagement@uob.co.id. If you withdraw your consent for any or all of the purposes, and depending on the nature of your request, UOB may no longer be able to further process your report.

Report a Vulnerability

If you believe you have identified a security issue, we encourage you to report it through our designated form after this page. We will validate and address vulnerabilities in accordance with UOB’s policies. By ticking this page and submitting a report, you agree to the terms outlined in this VDP. UOB reserves the right to modify this VDP at any time.

We deeply appreciate your efforts to enhance our security and remain committed to taking appropriate action(s) to better protect our customers.

I have read, understood and agreed the above.

I have read, understood and agreed the above.

Vulnerability Summary

Technical Details

CVSS3 Score

Reporter Information

File type allowed PNG, JPG

captcha
Submit


UOB Indonesia berizin dan diawasi oleh Otoritas Jasa Keuangan dan Bank Indonesia serta merupakan peserta penjaminan Lembaga Penjamin Simpanan (LPS).
Maksimum nilai simpanan yang dijamin LPS per Nasabah per Bank adalah Rp 2 Miliar.
Untuk cek Tingkat Bunga Penjaminan LPS, klik di sini.

Kantor Pusat UOB Indonesia : UOB Plaza, Jl M.H. Thamrin No. 10 Jakarta Pusat 10230