When ManageEngine releases a patch for a security vulnerability in on-premises products, customers will be duly apprised through the following communication channels:
Publication | Email* | In-product banner** | Advisory list | Release notes |
---|---|---|---|---|
Security Advisory - Critical severity | Yes | Yes | Yes | Yes |
Security Advisory - High severity | Yes | Yes | Yes | Yes |
Security Advisory - Medium severity | No | Yes | Yes | Yes |
Security Advisory - Low / Informational | No | No | No | Yes |
ManageEngine uses CVSS 3.1 score as part of the standard process of evaluating security vulnerabilities. In addition to the CVSS scores, ManageEngine will also apply its internal security impact and exploitability assessment rating to accurately categorize the vulnerability severity.
*Email: The advisory emails will be sent to all users subscribed to the security advisory list. Users can subscribe to the advisories by submitting this form.
**In-product banner: ManageEngine will show an informational banner to admin users within the on-premises products.
For any queries, customers can reach out to security@manageengine.com.