Cimetrics Security Center

Report a Vulnerability

At Cimetrics Inc., we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

  • E-mail your findings to secure@cimetrics.com. Encrypt your findings using our PGP key to prevent this critical information from falling into the wrong hands.
  • Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data,
  • Do not reveal the problem to others until it has been resolved,
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties, and
  • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation. It is important to include the following details:

    - The products and versions affected
    - Detailed description of the vulnerability 
    - Information on known exploits 

What we promise:

  • We will respond to your report within 30 days with our evaluation of the report and an expected resolution date,
  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission,
  • We will keep you informed of the progress towards resolving the problem,

We strive to resolve all problems as quickly as possible.

PGP Public Keys

Use the Cimetrics public PGP key to encrypt email with sensitive information and to verify that security communications and files/packages sent by Cimetrics are genuine.

You can also find Cimetrics public key in public directory servers:  PGP Global Directory, MIT PGP Public Key server and https://keys.openpgp.org/

Active Date:  September 5, 2023
Expiration Date:  September 25, 2026
Key Type:  RSA
Key Size:  4096/4096
Finger Print: 

17AE EC0C 9A4F E340 9E3F 92E7 62DE A172 5AA0 B812

User ID:  security@cimetrics.com

You can download this key or copy-and-paste the text below.

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGEm4EABEAC3RGu0l6sXTcpIWSUNYSurWmjSYwbcpFcB6uWRw4z3KJ/OZph7
UnuMwdT9/941cgS7zkk6Q1Y5zc44qWlCjByYA3BS6OhNcwmXaZ5v0aqeO+F91CI7
/7D+8bdoqV+YwnZI2hSe8oLuq3pY28P469Nd37HFvvtvyxN89ZP0o92Tw595/VQL
ZLilFWLE1gW0pIhenkqo56Qpw9KbSxIkS2DZ8Y8/HwnGWwq650vDG/fpicjCMHY4
SuVZ4ZhhI7YoOl/b9qETb82pMB5PgOnWEpt27RPD+B46/l5Vle9Iv3qEyMSHayqy
2G4ysv9WPoOSCHOWGpTF6MowFE8e+TgIgwPI18Lpjq4xm9aL2Jo7wQra+ZdSc9Fu
TUFUw5oAlJLcKIzyrU8D3AzylTlDZ2mrVn/rOO7VFB2u8EmEdeOuV8upLamEnnco
cA8wPSatfSevR5gaxOHGT9xT1ezOUQiM2/4fxB2mZXS8y0slZNiKMcMEyYQueanw
x+mt2y1VXE9E5tRtAQF3iJWZIGSBojfBGv5eKHHedGa9t20AP+4AmAFu5/WRodSZ
+MZ/CoexGCnM0uuJJLPlQBEZJFxHX7JaAYoVG8DpGc2JYPn8g8VGcWubCR3BiwwC
c+k0iFUZfIWuabwOor2b9cjnrwYoSEoa+x83tfxnYwiiGbl+AqocZvsFtwARAQAB
tCVDaW1ldHJpY3MgSW5jLiA8c2VjdXJlQGNpbWV0cmljcy5jb20+iQJUBBMBCAA+
AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEF67sDJpP40CeP5LnYt6hclqg
uBIFAmMQLcIFCQPKgX4ACgkQYt6hclqguBIGrhAAsAa2gb6/Dpxh8XFNDO0S7UWB
Cp+eWvHealtVmlX5tIaqSzKxFjxPEBe+JfSi11cKaRX10kMMf3GRcFqEZodsxuYI
0KfkZZLRKRL5nHC/r0rZhO108o5CxQr6rPVmIdqfuzDajSjCpaxaxW2JZbzx7BFS
WrMyAKpkCr5s8P1jgVedMIr2rQqiKsEKjBgIolhw5bVruPg0z/m4uCJUsfnjB6Nr
vMjFxCWLul/up85AKNCWPtmFywFMBUJLvYSBopFP1LT0FHF1MVO3/ryV0IjcT4z2
Wuo3F53MCK0Ur64ROhTSOF9sOeVSRUGIpEX3cE8DA+nviTWQTFQSLJi8Y3JuLndb
5AVbdHF+FcL8Uxk0PCQV2mj3DR7gv9sYEqrs46W/LxzVSlolxh3ekiJ8sEbucfPK
QSD2oPyXKn0fphru8uVo5wqCrIQdzCqGZYERgXKxCXBX++SrxuKQOwI4P1B8AIod
AdZBCpHgMVuHEwaYJsJ4Sx5SSPJ1EhYBnBGBa9MZdcIK2BBbuTJKMjhJnoBPswi+
Llda05dIsU0R7fW6bqtgvOtcL1fL4kCRRWQxv/ln4pJ3mLT7Q8lBZALS3HW2UDBj
djcLaA6tq5avHmUFhM2k/wOxHsLT+8FSgDlK9kkkIXcV6xYSuOoVSjlgGvDuXoCb
p22VZjhW6VS9SQVw2wSJAlQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
F4AWIQQXruwMmk/jQJ4/kudi3qFyWqC4EgUCZvR5JAUJCZBi/gAKCRBi3qFyWqC4
EgROD/97M+5VN/UW2kRw/9uaC00hnDDW0ACgN7H0vKEbzzdME1ylcZ1Y7l7vgJM9
xWDTYEIELd6Y6xApOHdihtEQlypzqrog7Q8uQPBD3IDWwcY3avF+3Bb/p+XleSJV
QbONlsb9i8U2dWV6yyvinRxeFwcmddH5JMfaCSNcyU9p6PhTUTd9dM9iC0k/qQTA
GXqXpDZi8FnvTvtUhPFK7lt2u6nvVFpayOxagnkUezMEdLmHf2RMlWmvh4uJIrW+
ibB+AzXKcCau2rpIq0DIhgCMr3bMGt/4ADah0QkO6XwvdlmgBh5tnT8/feQff6ys
dc86UdTna2P5CxddARBfR1kN1yZ6bVTC9maiSQumNzJZeP41wop9wzm+gro0pmd6
YZDZCE3YGysTLYKrlgRoNUCHvnOaHaFQq1NQykpcbdHfQNfOOQuZAbK1fVwx4aG8
pApjvSd43a6RbT7uPmrKC4zuQFCOsdak39n1pCwrxC5+zXe/BIKtS8zag5Cp/TaS
M8xwot90InIdeum0bvK4xnJemiy0AE1wPtt1qnW0McY+TDEGcsHhHOnSTcE4s4kM
O8bO5ym8Sy6nEphpP4tL20VxmO2X9zTz03A34Bhk1utCyaW6BAttm/+AropkVaH6
LiiwjSSL2S9rskEeOX8r+z6heDNQ/UcfpvqKBTMXRUCZ85nVnrkCDQRhJuBAARAA
qrKgYAI1MrbJQTjhtkv2PTjU08kH3FhUYMRFBzP4DCMoYRtOG5zyb0fsYIAgQMwd
VEVoWKRZo+dTberMckQBziK5/DETQQ1me8XONNufcPSHSUq5gZ0RyH31xM/hmqsp
7+8aPvAUIf2aA5p39X6Qzl96o/S94F3NTFoo3KH8CeiSxYEEBlmuSgm7d8blxkAp
YYbdPKxi1osEkbX9OSu2HAxvqS4nAC5BgyZJ3XNKeifFfBR50repkxRwQyAIhVhu
CrM9hJwuyx6l+vmZE2gRS5wSWGxSUsrVn31jFBV/MO1Jj+4jmUuY1a9SFQgY89T+
Z4BRo/d35gSjZhayHtEU1kIwDvn2iNgkjIYaLWyxwpyoYgc6bVJFvsQ/vK9Pagxo
zrMnS7YE6mH5Ifn3cMdURMhB5QAUhlp2pc/7JtdPW93xgR/txpSNetAOduwelIc4
0xsac7JLAlCjFkTX1IQ2+pAIPxe7Fvz2iBMvMgDGpNn9d52bIv5CvbJ7HH1F21Kn
S7ZTs2L9wFMA9b4zAg7j2RbLUdwEVhMWJ41oMI5xlk48H8jbDzbbswsAKiS7B+qi
cXoVa+ZwkxHnFJaGUrTufoUkDEoOF0jEv9zxFFh/UiFvKF0BkSBeA3eT6+LKg+LS
ljWd2ZtrsoLYn3spdT3B3xPitlJejAjiwRCGnUwATIMAEQEAAYkCPAQYAQgAJhYh
BBeu7AyaT+NAnj+S52LeoXJaoLgSBQJhJuBAAhsMBQkB4LxAAAoJEGLeoXJaoLgS
0+4P/3C4/ZBGP02UfM5xGqvgMf9xjIfMZ+PgWfVWUKIF9qU/awFNDXNqCPSokyNo
4NUB5igdqsWPzjV4iCJgkV4QwZ8oqaHDFyz/N/8n3j3/o157vSmWgffbpSjo9mDI
BX+SRoVbc7N+yRF81PlcaG2ki3iFOhfs9TMg1BcVE6w4O2gorRP4IfRSBudOwZ2u
BtEQ/eJtBZeBk4X9ng+zi4fWdrUS/MH4fHHLp+BBrbXDcm0mkSJ7r5Iru0WsMRqT
+5cD/kBm8kgLSiCXf04bmnoBWUZTmtVjUFbugG//+l90pUcf5S/xoviBYcuh2BpD
MFXZEb+thtjRefz9jTazwLoAuL5pen/Pk/eSne+/ke8H4D3nRSwDncSNKNqbzCaf
tutFFTmhTAUxGN1zCWoe2vN4YGVqZuV/6tsMrso1XI2Gc1BUK/3PYtEQMYRX9Duc
IM9HHgunRbXNluxab6CIgCr0L9ntgGKRQlmu+mFl7SpzSdajpMT7Zz1+zC4BWLZ8
m06rFIrax0TzueHEQ+pJc0EZKyF01UpqRy/I9/7FMzLC8aNHb9wTmBSIBiisdSt7
4tZknsabbVEQne7xs0m2uDh2GF7rRK6yUIpqq9jtW1B8VfJ22ef2rjgNFH3AH5/z
1O9xvsoYwYwe5RKDgDrPdN63fDWcgf3jIT7k4HHM5VoaADjq
=w/Qa
-----END PGP PUBLIC KEY BLOCK-----