If you believe that there are vulnerabilities in the MEG appliance, the first thing to do is to check the CVE numbers for the vulnerabilities in question against our Knowledge Base. When we become aware of CVEs people have found when testing our products, we investigate the vulnerability reports and advise as to whether or not we are vulnerable. In some cases, we find that we are vulnerable and thus fix the issue. For all CVEs for which you don't find a KB, I recommend calling in to Support and opening a ticket. When you do that, provide the results of your test, including relevant CVE numbers, to the Support representative. They can then get the ticket escalated to the SEO (Support Engineering Operations) team so that we can get the issues looked into by Development. In many cases, we find that the scanning tools indicate vulnerabilities based only upon the presence of features, without taking into account versions of libraries in effect, and thus although it shows a vulnerability, there really isn't one. That said, we want to investigate each potential vulnerability so that we can resolve those issues.
I just found the heartbleed vulnerability, but nothing else..
thanks a lot for yous response