This is a false vulnerability issue for Broadcom Products (APM, OI and AXA).
- DX OI and Dashboards endpoints in DX SaaS and we are not vulnerable as we use TLS 1.2 or higher.
This will not be relevant for DX Gateway, DX Platform, DX Installer as it's specifically about communication between user's browser and UIs.
- The APM endpoint (apmgw.dxi-xxx) is also not vulnerable in SaaS.
Suggestion: validate that all your DX ingres/routes with the TLS checker to confirm those are not vulnerable.