Community
Hi,
I’ve identified some security vulnerabilities in the Axigen web administration interface. First, what’s the correct contact address to report these findings?
Also, I’ve noticed that some vendors are reluctant to assign CVE numbers for reported vulnerabilities. Do you assign CVE numbers for confirmed vulnerabilities, and do you have a designated CNA (CVE Numbering Authority) you work with? I would appreciate this information before proceeding with reporting.
Hello,
Thank you for reaching out. We take security very seriously and appreciate your efforts to help keep our product secure.
Reporting Address
For security-related vulnerability disclosures, please contact us directly at security [at] axigen [dot] com
CVE Assignment & CNA
Regarding your concern about CVEs: Yes, Axigen is committed to transparent disclosure. For confirmed, non-trivial vulnerabilities, we do assign CVE numbers to ensure the community is informed and protected.
Axigen works with MITRE (the primary CVE Numbering Authority) to ensure that valid findings are properly documented and credited to the researcher.
We look forward to hearing from you.
BR,
Ioan
Thank you for the information. I have just forwarded the vulnerability report to security@axigen.com.