How do I report a security vulnerability identified in an RSA product?
Originally Published: 2018-09-07
Article Number
Applies To
Issue
Resolution
RSA strives to help our customers minimize risk associated with security vulnerabilities in our products. Our goal is to provide customers with timely information, guidance and mitigation options to address vulnerabilities. The RSA Product Security Incident Response Team (RSA PSIRT) is chartered and responsible for coordinating the response and disclosure for all product vulnerabilities that are reported to RSA.
RSA employs a rigorous process to continually evaluate and improve our vulnerability response practices and we regularly benchmark these against the rest of the industry.
How to Report a Security Vulnerability
If you identify a security vulnerability in any RSA product, please report it immediately. Timely identification of security vulnerabilities is critical to mitigating potential risks to our customers.RSA customers and partners should contact the appropriate technical support team to report security issues discovered in an RSA product. The Technical Support team, the appropriate product team and RSA PSIRT will work together to address the issue and provide customers with next steps.
Security researchers, industry groups, vendors, and other users that do not have access to Technical Support should send vulnerability reports to RSA PSIRT via email (responsibledisclosure@rsa.com).
When reporting a potential vulnerability please include as much of the below information as possible to help us better understand the nature and scope of the reported issue:
- Product name and version that contains the vulnerability
- Environment or system information under which the issue was reproduced (e.g. product model number, OS version etc.)
- Type and/or class of vulnerability (XSS, buffer overflow, RCE, etc.)
- Step-by-step instructions to reproduce the vulnerability
- Proof-of-concept or exploit code
- Potential impact of the vulnerability
Notes
Related Articles
How do I reset the On-Demand Authentication (ODA) PIN for my RSA Community account? Number of Views How do I reset the security questions for my RSA Community account? Number of Views How do I reset the password for my RSA Community account? Number of Views What should I do if I forgot the password for my RSA Community account? Number of Views Why am I getting an "Access Denied" error when logging in to the RSA Community? Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
