We currently have DevTest 10.1 on Windows 2012 Servers. The DevTest Servers have been scanned and identified as having two security vulnerabilities.
The vulnerabilities are the following:
#1: QID: 38142
SSL Server Allows Anonymous Authentication Vulnerability (High)
Upgrade to modern, supported version of Apache Tomcat and/or update configuration to disable support for anonymous authentication.
#2: QID: 38628
SSL Server Allows Cleartext Communication Vulnerability (High)
Disable ciphers which support clear text communication
To disable Apache Tomcat Vulnerabilities, remove the Demoserver folder (if installed) , the examples folder and example_src folder after the installation. This should take care of the vulnerability.
Tomcat versions with respect to DevTest 10.x:
DevTest 10.1 : Tomcat 7.0.63
DevTest 10.2 : Tomcat 8.0.45
DevTest 10.3 : Tomcat 9.0.1