A vulnerability scan at a large bank reported CWE-693 on the XenServer's management interfaces. This issue prevents our product from being installed at the large bank's network in the future.
The vulnerability scan reports the threats described in the attached QLYS_Threat_CWE-693.pdf.
The vulnerability scan requests the solution described in the attached QLYS_Solution_CWE-693.pdf.
Note: the Priority is set to Blocker because the issue blocks XenServer, which our product's VMs run on, from being deployed at this large bank.