See something, say something! Report it
E-mail: Statenet@sa.gov.au
Phone: (08) 8207 2070
STATENET SERVICES: VULNERABILITY DISCOVERY REPORT
A Security Vulnerability is a weakness in a product or service offering that could allow an attacker to compromise the
integrity, availability, or confidentiality of that product or service.
This form is intended for use by Customer Agencies and Suppliers to notify StateNet Services of a vulnerability in any of our
services.
Customer / Supplier details
Name
Phone
<Individual reporting the vulnerability here>
Representing Customer Agency or Supplier to StateNet Services
Email
<name of organisation here>
Nature of the vulnerability discovered
The vulnerability discovered affects
(or has the potential) to affect:
Definitions
(i.e. Exploit of the vulnerability would (or does)…
Confidentiality - results in unauthorised access, eavesdropping or release of
government information contrary to expected behaviour or design
Integrity - causes information to be changed, defaced or corrupted such that
the information can no longer be relied upon or considered accurate
Availability - Disrupts, impedes or restricts availability or limits anticipated
performance of a service
The service offering(s) from StateNet Services that is (are) vulnerable:
<list affected services here>
Description of the vulnerability and how to replicate it
Briefly describe the nature of the vulnerability discovered
examples include:




Proof-of-concept, system logs, screen capture and/or URL demonstrating the vulnerability
Type of issue (cross-site scripting, buffer overflow, SQL injection, etc.)
Any special configuration required to reproduce the issue
Impact of the issue, including how an attacker could exploit the issue
Date/time of discovery and confirmation of the (potential or actual) vulnerability: dd / mm / yy @ hh:mm
(Template only) Folder/File reference: 2014/16190/01 – 8780314