Skip navigation

Vulnerability reporting form

Ericsson’s vulnerability disclosure program offers a channel to report any security vulnerabilities found in Ericsson products or IT solutions.

Ericsson is committed to high security standards, and it is vital that we are notified as early as possible to prevent potential damage. Ericsson therefore encourages the reporting of any security vulnerabilities as soon as possible. Individuals who report may be recognized on our acknowledgement page.

To see our product vulnerability disclosure policy, visit Ericsson product vulnerability disclosure policy page.

Note! All security related concerns identified by existing customers and suppliers are handled through established direct channels. Customers and suppliers are therefore advised to reach out to their Ericsson contact directly.

Reporting

Description of the potential vulnerability

 

If there is a failure or problem with the form, please send an email to vulnerability.disclosure@ericsson.com mailbox. Thank you!

Information collection and use – Privacy disclaimer 

When you disclose a vulnerability to Ericsson, we collect your name, email address and all details provided by you in the form. We retain such information for administrative purposes, and to be able to respond to you and track further correspondence during the investigation of the reported vulnerability.  

For more information on how we may process your personal data, please see the  Ericsson Privacy Policy.

What will happen next? 

  1. Ericsson will respond to the vulnerability reporter and establish communication to exchange further information and acknowledge that the report has been received.
    All vulnerability details are handled with high confidentiality and only shared on a need-to-know basis both internally and externally. 
  2. During the vulnerability coordination Ericsson will continue to collaborate with the reporter to get more detailed information and to keep them apprised about the progress as much as confidentiality and regulations allow. 
  3. When the investigation process of the reported vulnerability has concluded Ericsson will communicate appropriate details back to the reporter and any other relevant parties. 
  4. The decision of when and where the reported vulnerability is published is determined case-by-case. 
  5. Ericsson’s vulnerability disclosure program recognizes reporters on the Acknowledgements page. Ericsson reserves the right to make the decision to recognize or not, on a case-by-case basis.

 

 

Thank you for your contribution!

 

Contact details:

vulnerability.disclosure@ericsson.com

 

PGP key fingerprint:

Note: For all correspondence over email please encrypt with the below PGP key and include your own public key in the email.

6E71 7371 226D DC71 17C8 C91F 88DF 2BAC 3D09 908C

Download Ericsson Vulnerability Disclosure PGP key (.txt)