Unable to approve permanently accepted vulnerability requests

Incident Report for Fluid Attacks

Postmortem

Impact

At least one group experienced issues approving permanent vulnerability acceptance requests. The issue started on UTC-5 23-02-10 17:06 and was reactively discovered 26.2 months (TTD) later by a client who reported through our help desk [1] that vulnerabilities with pending permanent acceptance requests were not being displayed in the Permanently accepted modal, making it impossible to manage them. The problem was resolved in 21.6 hours (TTF), resulting in a total window of exposure of 26.2 months (WOE) [2].

Cause

The issue was very specific and affected only certain cases. The root cause was related to how the platform retrieved and displayed some vulnerabilities. The system was applying overly complex filters in the user interface, even though the necessary filtering could already be handled more effectively by the back-end service [3].

Solution

The filtering was moved entirely to the back-end, and the unnecessary filtering on the front-end was removed, resulting in a cleaner and more reliable display of the relevant vulnerabilities [4].

Conclusion

Moving forward, we aim to reduce complexity in the platform by shifting more logic to the back-end. Strengthening the back-end and simplifying the front-end should be the standard approach when solving similar issues.

INCOMPLETE_PERSPECTIVE

Posted Apr 09, 2025 - 08:27 GMT-05:00

Resolved

The incident has been resolved, and it is now possible to manage permanently accepted vulnerability requests as expected.

Posted Apr 08, 2025 - 14:23 GMT-05:00

Identified

It was detected that permanently accepted vulnerability requests cannot be approved, as they are not listed in the `Permanently acceptance` modal.

Posted Apr 07, 2025 - 17:56 GMT-05:00

This incident affected: Platform.