Vulnerability Disclosure

Hi,

My name is Sharon and I am a vulnerability research team lead at https://Claroty.com , an ICS cyber security vendor.

Recently we’ve found multiple critical vulnerabilities in Mimosa MMP, including the cloud infrastructure, that we are trying to report for a few days now with no luck.

We sent emails to:

  • support @ mimosa. co
  • supportcopy @ mimosa. co
  • sirt @ mimosa. co (Mimosa Networks)

But received no reply as of today. Can you please direct me to the right person in Mimosa so we could safely disclose our findings?

I asked around and that will require someone from Mimosa engineering to get back to you. Not sure if any of them are on this forum.

We ask someone from Mimosa security team or engineering team to contact us ASAP.

We’ve been trying to contact Mimosa for over a week now to report on some highly critical vulnerabilities. We tried to send emails to multiple support/engineering email addresses, contact Mimosa via Chat, this support forum, and we even tried to contact Mimosa personal via Linkedin. We received no response from any of the communication channels!

All I can say is that there are some product people who occasionally pop into the forums. But none of them are actually on the engineering team. I messaged the one guy I know fairly well and he doesn’t have any extra help for you.

Have you tried contacting Mimosa’s parent company AirSpan? Contact | Airspan a 4G & 5G network densification solution provider

Hi Sharon I’ve private messaged you with my info, please contact me there. Apologies for the normal channel of incident response failing to get through.

1 Like

Hi Jaime,

I sent you an email but did not get a response. We also tried to send another round of emails to support, sirt, and others, but did not receive any response…

What do we need to do in order to responsibly report to you the critical vulnerabilities we found?