To help facilitate the reporting process and to ensure integrity of our platform and other related products, please follow the below guidelines
ServiceMax does not allow penetration testing of its ServiceMax managed cloud products without prior authorization. If you are a Customer, please contact your Account Representative for details. If you do encounter a vulnerability in one of our products, we encourage you to report it in a responsible and secure fashion by emailing us:
Email: Security@servicemax.com (For privacy and security purposes, please encrypt using PGP key available here)
So that we may more effectively respond to your report, please provide:
- Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
- Product and version that contains the bug (Salesforce FSM, ServiceBoard, GO App Mobile, etc.)
- Security updates or other updates for the product you have installed
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if any)
- Impact of the issue, including how an attacker could exploit the issue
For ServiceMax customers who are subscribing to the Field Service Management product suite that sits on the Salesforce platform, please report any Salesforce specific vulnerabilities to Salesforce by visiting their Responsible Disclosure Policy page.
For any Amazon Web Services (AWS) vulnerabilities, please report them to AWS by visiting their Vulnerability Reporting site.