Since joining with AHEAD + RoundTower, we will continue under the unified company name, AHEAD.
Infosys BPM Ltd., the business process management subsidiary of Infosys Ltd. (NYSE: INFY), was set up in April 2002. Infosys BPM focuses on integrated end-to-end outsourcing and delivers transformational benefits to its clients through reduced costs, ongoing productivity improvements, and process re-engineering. Infosys BPM operates in India, Poland, the Czech Republic, the Netherlands, Ireland, South Africa, Brazil, Mexico, Costa Rica, the United States, Puerto Rico, China, the Philippines, Singapore, and Australia. Infosys BPM has been consistently ranked among the leading BPM companies and has received over 60 awards and recognitions in the last 5 years from key industry bodies and forums like the International Association of Outsourcing Professionals, Outsourcing Center, SSON, and NOA, among others. Infosys BPM also has very robust people practices, as substantiated by the various HR-specific awards it has won over the years. The company has consistently been ranked among the top employers of choice, on the basis of its industry-leading HR best practices. The company’s senior leaders contribute widely to industry forums as BPO strategists.
Security & Compliance Standards Overview
No incidents recorded for Kovarus an AHEAD Company in 2025.
No incidents recorded for Infosys BPM in 2025.
Kovarus an AHEAD Company cyber incidents detection timeline including parent company and subsidiaries
Infosys BPM cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files it will combine, which allows remote attackers to create very large responses that lead to a denial of service attack via the URL query string.
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.
