Vulnerabilities found by third-party security scans should go to HackerOne
This article provides a solution to address vulnerabilities found by third-party security scans.
Affected products and versions
- Adobe Commerce (all versions)
Issues
Merchant performed a PEN test through an independent security agency, and a vulnerability was flagged.
Solutions
Vulnerabilities found by third-party security scans should be sent to the HackerOne website. Adobe Commerce does not have a direct point of contact at HackerOne, so you should directly reach out to HackerOne. Adobe only handles the MST (Magento Security Scan tool) report.
recommendation-more-help
8bd06ef0-b3d5-4137-b74e-d7b00485808a