Reporting Vulnerabilities
If you believe you have found a security issue that meets NetEye's Definition of a Vulnerability, please submit the report to our security team via one of the methods below.
Note
We are unable to respond to bulk reports generated by automated scanners. If you identify issues using an automated scanner, it is recommended that you have a security practitioner review the issues and ensure that the findings are valid before submitting a vulnerability report to NetEye.
If you are a customer, please submit a ticket to Customer Support
If you are a security researcher, please email us at info@wuerth-phoenix.net
Please also include the following information in your report:
Type of issue (cross-site scripting, SQL injection, remote code execution, etc.)
Product and version with the bug or a URL if dealing with a cloud service
The potential impact of the vulnerability (i.e. what data can be accessed or modified)
Step-by-step instructions to reproduce the issue
Any proof-of-concept or exploit code required to reproduce
Definition of a Vulnerability
NetEye considers a security vulnerability to be a weakness in our product or infrastructure that could allow an attacker to impact the confidentiality, integrity or availability of the product or infrastructure.
We do not consider the following types of findings to be security vulnerabilities:
Missing security-related attributes on non-sensitive cookies: NetEye products may set certain security-related attributes on cookies used on our applications. The absence of these headers on non-sensitive cookies is not considered a security vulnerability.
Content spoofing by administrative users: We allow administrators to inject code into specific areas of our products as a customization feature and do not consider that functionality to be a vulnerability.
Clickjacking on pages that only contain static content
Auto-complete enabled or disabled