Vulnerabilities found by third-party security scans should go to HackerOne

This article provides a solution to address vulnerabilities found by third-party security scans.

Affected products and versions

  • Adobe Commerce (all versions)

Issues

Merchant performed a PEN test through an independent security agency, and a vulnerability was flagged.

Solutions

Vulnerabilities found by third-party security scans should be sent to the HackerOne website. Adobe Commerce does not have a direct point of contact at HackerOne, so you should directly reach out to HackerOne. Adobe only handles the MST (Magento Security Scan tool) report.

recommendation-more-help
8bd06ef0-b3d5-4137-b74e-d7b00485808a