10-12-2022 04:07 AM
Hi Team,
As XIQ-SE is composed of a set of different tools and applications, built in or in its engines, I would like to ask if there is a document about all of them, used releases, patches, etc.
My problem is that XIQ-SE is being analyzed for a security team with pentesting tools, and they request info about security holes in its different components.
Best!!!
10-12-2022 06:07 AM
Hi EF.
We do not publish this information publicly. You can get 3rd party licenses used in the product: /usr/local/Extreme_Networks/NetSight/ThirdPartyLicenses_*.zip
We are working on updating the Open Software Declaration: https://www.extremenetworks.com/support/policies/open-source-declaration/
10-12-2022 05:40 AM
Hello,
QA regularly uses well-known security testing tools to scan the different XIQ-SE components to identify vulnerabilities of both Extreme Proprietary software and 3rd party applications used in the suite. These vulnerabilities are regularly patched in maintenance releases.
Information on Vulnerabilities that have been patched can be found in the release notes under the "Vulnerabilities Addresses" section.
Thanks
-Ryan
10-12-2022 05:35 AM
Hello.
I am not certain what you are asking for.
If you have a vendor performing penetration / vulnerability exposure testing against XIQ-SE and any portfolio product, they should treat the appliances as a black box and perform such scans.
Please elaborate on "request about security holes"? I would not imagine we'd publish a document that outlines security holes in our products.
As for what we have found and fixed in prior releases, please refer to release notes and the vulnerabilities remediated sections within. You will see various mentions of CVE and other vulnerability bulletin IDs, etc.