[gibba999]

T-Mobile explicitly excludes out-of-date software from their bug bounty program. Same with CSRF and XSS issues.

https://www.telekom.com/en/corporate-responsibility/data-pro...

Most such issues are business-as-usual there.