https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/xiq-se-components/m-p/93309#M9705 <P>Hello,</P><P>QA regularly uses well known security testing tools to scan the different XIQ-SE components to identify vulnerabilities of both Extreme Proprietary software and 3rd party applications used in the suite. These vulnerabilities are regularly patched in maintenance releases.</P><P>Information on Vulnerabilities that have been patched can be found in the release notes under the "Vulnerabilities Addresses" section.</P><P>&nbsp;</P><P><A href="https://documentation.extremenetworks.com/release_notes/NetSight/XIQSE/XIQSE_22.6.13_Release_Notes.pdf?_ga=2.131350863.1188659776.1665578103-1461443537.1656515490" target="_blank">https://documentation.extremenetworks.com/release_notes/NetSight/XIQSE/XIQSE_22.6.13_Release_Notes.pdf?_ga=2.131350863.1188659776.1665578103-1461443537.1656515490</A></P><P>&nbsp;</P><P>Thanks</P><P>-Ryan</P> Wed, 12 Oct 2022 12:40:04 GMT Ryan_Yacobucci 2022-10-12T12:40:04Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/xiq-se-components/m-p/93302#M9703 <P>Hi Team,</P><P>as XIQ-SE is composed for a set of different&nbsp;tools, and applications built in or in its engines, I would like to ask if there is a document about all of them, used releases, patchs, etc...</P><P>My problem is that XIQ-SE is being analyzed for a security team with pentesting tools, and they request info about security holes in their diferents components.</P><P>Best!!!</P> Wed, 12 Oct 2022 11:07:06 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/xiq-se-components/m-p/93302#M9703 EF 2022-10-12T11:07:06Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/xiq-se-components/m-p/93307#M9704 <P>Hello.</P><P>I am not certain what you are asking for.</P><P>If you have a vendor performing penetration / vulnerability exposure testing against XIQ-SE and any portfolio product, they should treat the appliances as a black box and perform such scans.</P><P>Please elaborate on "request about security holes"? I would not imagine we'd publish a document that outlines security holes in our products.</P><P>As for what we have found and fixed in prior releases please refer to release notes and the vulnerabilities remediated sections within. You will see various mentions to CVE and other vulnerability bulletin id's, etc.</P> Wed, 12 Oct 2022 12:35:20 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/xiq-se-components/m-p/93307#M9704 Robert_Haynes 2022-10-12T12:35:20Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/xiq-se-components/m-p/93309#M9705 <P>Hello,</P><P>QA regularly uses well known security testing tools to scan the different XIQ-SE components to identify vulnerabilities of both Extreme Proprietary software and 3rd party applications used in the suite. These vulnerabilities are regularly patched in maintenance releases.</P><P>Information on Vulnerabilities that have been patched can be found in the release notes under the "Vulnerabilities Addresses" section.</P><P>&nbsp;</P><P><A href="https://documentation.extremenetworks.com/release_notes/NetSight/XIQSE/XIQSE_22.6.13_Release_Notes.pdf?_ga=2.131350863.1188659776.1665578103-1461443537.1656515490" target="_blank">https://documentation.extremenetworks.com/release_notes/NetSight/XIQSE/XIQSE_22.6.13_Release_Notes.pdf?_ga=2.131350863.1188659776.1665578103-1461443537.1656515490</A></P><P>&nbsp;</P><P>Thanks</P><P>-Ryan</P> Wed, 12 Oct 2022 12:40:04 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/xiq-se-components/m-p/93309#M9705 Ryan_Yacobucci 2022-10-12T12:40:04Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/xiq-se-components/m-p/93310#M9706 <P>Hi EF.</P><P>we do not publish this information publicly. You can get 3rd party licenses used in the product:/usr/local/Extreme_Networks/NetSight/ThirdPartyLicenses_*.zip</P><P>We are working on updating the Open Software Declaration. =&nbsp;<A href="https://www.extremenetworks.com/support/policies/open-source-declaration/" target="_blank">https://www.extremenetworks.com/support/policies/open-source-declaration/</A></P><P>&nbsp;</P> Wed, 12 Oct 2022 13:07:32 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/xiq-se-components/m-p/93310#M9706 Zdeněk_Pala 2022-10-12T13:07:32Z