cancel
Showing results for 
Search instead for 
Did you mean: 

XIQ-SE components

XIQ-SE components

EF
Contributor II

Hi Team,

as XIQ-SE is composed for a set of different tools, and applications built in or in its engines, I would like to ask if there is a document about all of them, used releases, patchs, etc...

My problem is that XIQ-SE is being analyzed for a security team with pentesting tools, and they request info about security holes in their diferents components.

Best!!!

1 ACCEPTED SOLUTION

Zdeněk_Pala
Extreme Employee

Hi EF.

we do not publish this information publicly. You can get 3rd party licenses used in the product:/usr/local/Extreme_Networks/NetSight/ThirdPartyLicenses_*.zip

We are working on updating the Open Software Declaration. = https://www.extremenetworks.com/support/policies/open-source-declaration/

 

Regards Zdeněk Pala

View solution in original post

3 REPLIES 3

Zdeněk_Pala
Extreme Employee

Hi EF.

we do not publish this information publicly. You can get 3rd party licenses used in the product:/usr/local/Extreme_Networks/NetSight/ThirdPartyLicenses_*.zip

We are working on updating the Open Software Declaration. = https://www.extremenetworks.com/support/policies/open-source-declaration/

 

Regards Zdeněk Pala

Ryan_Yacobucci
Extreme Employee

Hello,

QA regularly uses well known security testing tools to scan the different XIQ-SE components to identify vulnerabilities of both Extreme Proprietary software and 3rd party applications used in the suite. These vulnerabilities are regularly patched in maintenance releases.

Information on Vulnerabilities that have been patched can be found in the release notes under the "Vulnerabilities Addresses" section.

 

https://documentation.extremenetworks.com/release_notes/NetSight/XIQSE/XIQSE_22.6.13_Release_Notes.p...

 

Thanks

-Ryan

Robert_Haynes
Extreme Employee

Hello.

I am not certain what you are asking for.

If you have a vendor performing penetration / vulnerability exposure testing against XIQ-SE and any portfolio product, they should treat the appliances as a black box and perform such scans.

Please elaborate on "request about security holes"? I would not imagine we'd publish a document that outlines security holes in our products.

As for what we have found and fixed in prior releases please refer to release notes and the vulnerabilities remediated sections within. You will see various mentions to CVE and other vulnerability bulletin id's, etc.

GTM-P2G8KFN