Hi,
What’s the timeframe for this fix? I’m assuming you haven’t consulted to your QSA for this vulnerability. Can you please forward more details on this vulnerability and we can work through it together. Also, bare in mind that depending on the vulnerability I might request for more information to understand the exposure.
For the reference, I’m working for a fintech company, making sure PCI DDS compliance is met. I have good experience with internal audits, preparing mitigation plans for AVS etc. However, if this vulnerability is related to weak ciphers being used in your software, I probably can’t help you with that.