Common Vulnerabilities and Exposures (CVEs) are common vulnerabilities in a system along with the dangers created by exposure to them. The vulnerabilities are administered centrally, using a standardised system, so that each user of that particular system is aware of the generally known vulnerabilities in a version. The purpose of this is to inform organizations and users about the vulnerabilities so that appropriate measures can be taken to stay one step ahead of malicious parties.
To stay in line with professional IT procedures, GX has decided to register CVEs as well.
What is the process?
- As of Q3-2022, GX will start disclosing CVEs.
- We shall do this via the website https://cve.mitre.org/.
- Within the scope of this process are CVEs from supported XperienCentral releases. These are releases that are not older than one year. This page shows which releases are under support and which are no longer.
- GX informs affected organisations of the intention to make the CVE public and agrees a timeframe to patch the used release, giving affected organisations time to patch or upgrade to a new release (which includes the patch).
- If you use a release that is covered by the support agreements, then providing the patch for that supported version is covered by the Maintenance Contract.
- If you are using a release that is not covered by the Support agreement, GX will provide the patch for that specific non-supported release on the basis of the actual costs incurred.
If you have any questions about your own situation in this process, please direct them to Customer Services. They will be happy to assist you.