CA Web Viewer Vulnerabilities - HTTP Plain Text Basic Authentication; not disabling AutoComplete


Article ID: 135334


Products

Output Management Web Viewer

Issue/Introduction

A vulnerability scan found these three problems.


Security Finding #1 (port 8443): AutoComplete Attribute Not Disabled for Password in Form Based Authentication. Request: GET /examples/jsp/security/protected/ HTTP/1.1


Security Finding #2 (port 15100): Web Server Uses Plain Text Basic Authentication. Request: GET /manager/status HTTP/1.1


Security Finding #3 (port 8080): AutoComplete Attribute Not Disabled for Password in Form Based Authentication. Request: GET /examples/jsp/security/protected/ HTTP/1.1

Environment

Release : 12.1

Component : CA OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS

Cause

Security Findings #1 and #3 are in the Tomcat-supplied "examples" application.

Security Finding #2 is caused by the Tomcat-supplied "manager" application, which has been configured for use.

Resolution

  1. Security Finding #1 (port 8443) may be resolved by undeploying the examples application. The examples application is not utilized by Web Viewer.
  2. Security Finding #2 (port 15100) may be resolved by undeploying the Tomcat Manager, which was set up for use while troubleshooting a problem.
  3. Security Finding #3 (port 8080) may also be resolved by undeploying the examples application. The examples application is not utilized by Web Viewer.
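
A check that the undeploy in the steps above is complete, as an added example that is not part of the original article or the product's own tooling. It assumes a default Tomcat layout under the instance's base directory (appBase `webapps`, engine `Catalina`, host `localhost`); the function names are hypothetical. A leftover `.war` or context descriptor matters because Tomcat can redeploy the application from it when auto-deployment is enabled.

```shell
#!/bin/sh
# Added example: audit a Tomcat instance for leftover "examples" and
# "manager" deployments after following the Resolution steps.
# Assumption: default layout (webapps/ and conf/Catalina/localhost/).

# find_leftovers BASE APP...
# Prints one path per artifact that would keep APP deployed.
find_leftovers() {
    base=$1
    shift
    for app in "$@"; do
        for p in "$base/webapps/$app" \
                 "$base/webapps/$app.war" \
                 "$base/conf/Catalina/localhost/$app.xml"; do
            # exploded directory, packaged WAR, or context descriptor
            [ -e "$p" ] && printf '%s\n' "$p"
        done
    done
    return 0
}

# audit_tomcat BASE
# Returns 0 when neither application is deployed, 1 otherwise.
audit_tomcat() {
    left=$(find_leftovers "$1" examples manager)
    if [ -n "$left" ]; then
        printf 'Still deployed under %s:\n%s\n' "$1" "$left" >&2
        return 1
    fi
    printf 'examples and manager are not deployed under %s\n' "$1"
}

# Usage: sh audit.sh /path/to/tomcat/base   (path is site-specific)
if [ "$#" -gt 0 ]; then
    audit_tomcat "$1"
fi
```

After a clean result, rerunning the vulnerability scan against ports 8443, 15100 and 8080 confirms the findings are closed.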