Findings

All open vulnerability findings across applications.

Critical

High

Medium

Low

ID	Title	Sev	Scanner	App	Assignee	Age	SLA	Status
FND-0000	SQL injection in order lookup	low	Container	data-lake	Sara Okafor	15d	75d left	in progress
FND-0001	Hardcoded AWS access key in repo	low	CSPM	checkout-web	Marcus Lin	79d	11d left	accepted
FND-0002	Outdated openssl (CVE-2024-0727)	high	Pentest	k8s-platform	Noor Idris	0d	30d left	in progress
FND-0003	Cross-site scripting in support form	critical	SAST	ledger-service	Aisha Banda	5d	2d left	in progress
FND-0004	S3 bucket world-readable	critical	Container	identity-svc	Tomas Hill	72d	65d over	open
FND-0005	Container running as root	critical	CSPM	k8s-platform	Marcus Lin	22d	15d over	open
FND-0006	Weak TLS cipher suites enabled	medium	Secrets	k8s-platform	Tomas Hill	18d	Met	resolved
FND-0007	Missing CSRF token on POST endpoint	critical	Pentest	data-lake	Riley Chen	83d	Met	resolved
FND-0008	Log4j vulnerable version detected	medium	SAST	payments-api	Tomas Hill	1d	59d left	accepted
FND-0009	IAM role with AdministratorAccess	low	Container	marketing-web	Marcus Lin	25d	65d left	open
FND-0010	Unencrypted RDS instance	medium	SAST	marketing-web	Ben Carter	50d	10d left	accepted
FND-0011	Insecure deserialization in webhook handler	medium	SCA	data-lake	Noor Idris	26d	34d left	in progress
FND-0012	Path traversal in file download	info	CSPM	k8s-platform	Riley Chen	26d	64d left	accepted
FND-0013	Race condition in payment idempotency	medium	Secrets	payments-api	Mei Wong	42d	Met	resolved
FND-0014	JWT signature not verified	info	Pentest	data-lake	Noor Idris	20d	70d left	open
FND-0015	Open redirect in login flow	low	DAST	data-lake	Tomas Hill	79d	11d left	triaged
FND-0016	Sensitive data in URL params	high	SCA	payments-api	Marcus Lin	66d	36d over	accepted
FND-0017	Dependency confusion in private registry	high	CSPM	checkout-web	Marcus Lin	4d	Met	resolved
FND-0018	Public RDP exposed on EC2	medium	SCA	payments-api	Ben Carter	19d	41d left	triaged
FND-0019	Default credentials on internal dashboard	high	CSPM	ledger-service	Noor Idris	35d	5d over	open
FND-0020	GraphQL introspection enabled in prod	low	SCA	marketing-web	Noor Idris	29d	61d left	triaged
FND-0021	Lambda function with overly broad permissions	medium	SCA	ledger-service	Marcus Lin	28d	32d left	triaged
FND-0022	Secret committed in git history	low	SAST	ledger-service	Sara Okafor	3d	87d left	triaged
FND-0023	Insecure direct object reference	medium	Secrets	mobile-ios	Aisha Banda	39d	Met	resolved
FND-0024	Server-side request forgery in importer	medium	Secrets	identity-svc	Sara Okafor	13d	47d left	accepted
FND-0025	Prototype pollution in lodash <4.17.21	high	CSPM	marketing-web	Mei Wong	44d	14d over	triaged
FND-0026	Missing rate limit on auth endpoint	low	SAST	checkout-web	Marcus Lin	45d	45d left	open
FND-0027	SQL injection in order lookup	low	Container	mobile-ios	Tomas Hill	53d	Met	resolved
FND-0028	Hardcoded AWS access key in repo	low	SCA	marketing-web	Tomas Hill	56d	Met	resolved
FND-0029	Outdated openssl (CVE-2024-0727)	medium	SAST	data-lake	Ben Carter	65d	5d over	open
FND-0030	Cross-site scripting in support form	low	DAST	checkout-web	Tomas Hill	4d	86d left	open
FND-0031	S3 bucket world-readable	low	Container	checkout-web	Sara Okafor	59d	Met	resolved
FND-0032	Container running as root	medium	SCA	ledger-service	Aisha Banda	27d	33d left	in progress
FND-0033	Weak TLS cipher suites enabled	medium	Pentest	identity-svc	Riley Chen	12d	48d left	in progress
FND-0034	Missing CSRF token on POST endpoint	info	Secrets	identity-svc	Riley Chen	45d	45d left	open
FND-0035	Log4j vulnerable version detected	critical	DAST	data-lake	Riley Chen	50d	43d over	triaged
FND-0036	IAM role with AdministratorAccess	low	CSPM	mobile-ios	Aisha Banda	47d	Met	resolved
FND-0037	Unencrypted RDS instance	high	DAST	data-lake	Sara Okafor	60d	30d over	open
FND-0038	Insecure deserialization in webhook handler	medium	DAST	mobile-ios	Aisha Banda	48d	12d left	triaged
FND-0039	Path traversal in file download	medium	Secrets	marketing-web	Sara Okafor	61d	1d over	in progress