Security Support Center
Objective
We are committed to providing secure products to our customers and take all security concerns seriously. We work to quickly review, validate and remediate vulnerabilities submitted to us.
The Vertiv Security Incident Response Team (SIRT) objective is to minimize security risk by providing timely information and remediation of vulnerabilities in our network, web properties and products. This includes software, hardware, services and solutions.
The SIRT manages the receipt, analysis, investigation and remediation of security issues. The SIRT will also coordinate the disclosure of security vulnerability information.
We welcome reports from independent researchers, industry organizations, vendors and customers concerned with security.
Policy
Our policy is to follow a coordinated vulnerability disclosure process. This process allows independent parties that discover a vulnerability in a Vertiv product to disclose those concerns to Vertiv directly, giving us time to investigate and remediate before the vulnerability is disclosed publicly. This protects Vertiv’s customers while acknowledging the reporters’ efforts. If a reported vulnerability relates to a vendor product, the SIRT will coordinate with the vendor to remediate the vulnerability. The SIRT will communicate with the reporter throughout the vulnerability investigation and will provide mutually agreeable next steps.
Report a Product Security Concern
If the vulnerability affects only a Vertiv product, please click “Report a Product Security Concern” below.
Please include the following:
- Product and version
- Description of the potential vulnerability
- Any special configuration required to reproduce the issue
- Proof of concept or exploit code, if available
- Potential Impact
- CVE #
- Company or Organization
- Tool used to uncover potential vulnerability
Report other Security Concerns
For all other security issues, please click “Report other Security Concerns” below.
Please include the following:
- Website URL or location
- Type of potential vulnerability (XSS, Injection, etc.)
- Instructions to reproduce the potential vulnerability
- Proof of concept or exploit code, including how an attacker could exploit the potential vulnerability
- Potential impact
We take security concerns seriously and work to evaluate and address them in a timely manner. Response timelines will depend on many factors, including: the severity, the product affected, the current development cycle, QA cycles, and whether the issue can only be updated in a major release.
Remediation may take one or more of the following forms:
- A new release
- A patch
- Instructions to download and install an update or patch from a third-party
- A workaround to mitigate the vulnerability
Notwithstanding the foregoing, not all reported concerns will result in validated vulnerabilities and we do not guarantee a specific resolution for all reported concerns.
