Security team has identified a below vulnerability
Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)
"Legacy block ciphers having block size of 64 bits are vulnerable to a practical collision attack when used in CBC mode.
All versions of SSL/TLS protocol support cipher suites which use DES, 3DES, IDEA or RC2 as the symmetric encryption cipher are affected.
Note: This CVE is patched at following versions
Remote attackers can obtain cleartext data via a birthday attack against a long-duration encrypted session.
Recommendation by Tool
"Disable and stop using DES, 3DES, IDEA or RC2 ciphers.
More information can be found at Microsoft Windows TLS changes docs (https://docs.microsoft.com/en-us/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) and Microsoft Transport Layer Security (TLS) registry settings (https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings)"
This is caused by improperly configured CORBA files or a policy that blocks anonymous ciphers.
Release : 10.4
Component : Spectrum Core / SpectroSERVER
Currently, we can't restrict the cipher suites for secure CORBA ports.
This vulnerability will be addressed as part of feature request F83485 (in NetOps 21.2.1)
If the client is not specifically using secure corba they can disable it which will stop the ports from being bound.
How to disable Secure CORBA after seeing ports in a vulnerability scan (broadcom.com)