1E publishes security advisories concerning vulnerabilities that affect software which is incorporated into currently supported product versions. As a result, customers may be required to apply mitigation, patch or update their installations of 1E products to address the vulnerabilities identified.
When vulnerabilities are reported to or found by 1E they are first reviewed by the 1E Security Group to determine the best course of action. Throughout the investigative process, 1E strives to work collaboratively with the source of the report (incident reporter) to confirm the nature of the vulnerability, gather required technical information, and ascertain appropriate remedial action. After the initial investigation is complete, results will be delivered to the incident reporter along with a plan for resolution and public disclosure. If the incident reporter disagrees with the conclusion, then 1E will make every effort to address those concerns.
In all security publications, 1E discloses information required for an end user to assess the impact of a vulnerability and any potential steps needed to protect their environment.
For each published security bulletin 1E will provide a recommendation for remediation of the vulnerability. This may take the form of a mitigation, hotfix or update that may be applied to the affected product installation.
|Date||Security Advisory||Max Severity Rating|
|9 Dec, 2020||Medium|