Vulnerabilities found by third-party security scans should go to HackerOne

This article provides a solution to address vulnerabilities found by third-party security scans.

Affected products and versions

Issues

Merchant performed a PEN test through an independent security agency, and a vulnerability was flagged.

Solutions

Vulnerabilities found by third-party security scans should be sent to the HackerOne website. Adobe Commerce does not have a direct point of contact at HackerOne, so you should directly reach out to HackerOne. Adobe only handles the MST (Magento Security Scan tool) report.