Vulnerability Reporting

Vulnerability Reporting Guidance

Welcome to the Vulnerability Reporting Page for MPoC Software. This page is dedicated to receiving and addressing security vulnerabilities identified by security researchers and users. We appreciate your efforts in helping us maintain a secure environment for our users.

What to Report

Please report any security vulnerabilities or concerns related to the MPoC Software. This includes, but is not limited to:

  • 1. Authentication issues
  • 2. Authorization flaws
  • 3. Data leakage or exposure
  • 4. Cryptographic vulnerabilities
  • 5. Injection attacks
  • 6. Mobile application issues

Responsible Disclosure Policy

We follow a responsible disclosure policy, and we appreciate your cooperation. Here are the key points:

  • 1. Report vulnerabilities only through the provided channels.
  • 2. Provide reasonable time to investigate and address the reported issue before making it public.
  • 3. Do not disclose or exploit any vulnerabilities without explicit consent from Infibeam Avenues Ltd.

Legal Protections

Infibeam Avenues is committed to protecting the rights of security researchers who responsibly disclose vulnerabilities. We will not take legal action against individuals who adhere to our responsible disclosure policy.

Acknowledgment and Communication

We value the efforts of security researchers and will acknowledge receipt of your report within 7 business days. We will keep you informed about the status and resolution of the reported issue.

Report Vulnerabilities

Inclusion Criteria :
Common Vulnerabilities and Exposures (CVEs) Include vulnerabilities listed in the National Vulnerability Database (NVD)
and other recognized databases.
Security Advisories Include vulnerabilities reported in official security advisories from
software vendors or reliable sources.
Severity Level Include vulnerabilities with a severity level that poses a
credible threat to Infibeam Avenues systems, data, or operations.
Relevance to Infibeam Avenues Environment Include vulnerabilities that are applicable to the specific software versions
and configurations used by Infibeam Avenues.
Impact on Confidentiality, Integrity, and Availability Include vulnerabilities that have a significant impact on the confidentiality, integrity,
or availability of systems and data.
Known Exploits Include vulnerabilities for which there are known exploits or active threats in the wild.
Compliance Violations Include vulnerabilities that may lead to violations of regulatory compliance requirements
relevant to Infibeam Avenues.
Vendor Acknowledgment Include vulnerabilities that have been acknowledged by the COTS vendor, especially if a
patch or mitigation is available.
Exclusion Criteria :
False Positives Exclude vulnerabilities identified as false positives after thorough investigation and verification.
Non-Applicable Vulnerabilities Exclude vulnerabilities that are not applicable to Infibeam Avenues specific software and hardware configurations.
Low-Impact Issues Exclude vulnerabilities with a low severity level that does not pose a significant risk
to Infibeam Avenues operations.
Unsupported or Legacy Software Exclude vulnerabilities in software components that are officially unsupported or considered legacy,
and where upgrading is not feasible.
Known Mitigations Exclude vulnerabilities for which effective mitigations are already in place or can be readily implemented.
Vendor Patch Release Pending Exclude vulnerabilities for which a vendor has acknowledged the issue, and a patch is pending release
within an acceptable timeframe.
Low Probability of Exploitation Exclude vulnerabilities with a low probability of exploitation in the specific environment
and use case of Infibeam Avenues.
Insignificant Impact Exclude vulnerabilities with an insignificant impact on the confidentiality, integrity,
and availability of Infibeam Avenues systems and data.