Security Advisory Policy

When ManageEngine releases a patch for a security vulnerability in on-premises products, customers will be duly apprised through the following communication channels:

Publication Email* In-product banner** Advisory list Release notes
Security Advisory - Critical severity Yes Yes Yes Yes
Security Advisory - High severity Yes Yes Yes Yes
Security Advisory - Medium severity No Yes Yes Yes
Security Advisory - Low / Informational No No No Yes

ManageEngine uses CVSS 3.1 score as part of the standard process of evaluating security vulnerabilities. In addition to the CVSS scores, ManageEngine will also apply its internal security impact and exploitability assessment rating to accurately categorize the vulnerability severity.

*Email: The advisory emails will be sent to all users subscribed to the security advisory list. Users can subscribe to the advisories by submitting this form.

**In-product banner: ManageEngine will show an informational banner to admin users within the on-premises products.

For any queries, customers can reach out to security@manageengine.com.