Many of our DevTest servers have been flagged as having a security vulnerability with the Lisa certificate. Because the Lisa (default) certificate is self signed, this gets flagged on our DevTest servers.
Here are the vulnerability details:

Vulnerability Path/Results

Source Reference ID

Port

Server Name

Notes

Certificate 0 CN=Lisa,OU=Lisa,O=Lisa,L=Dallas,ST=Texas,C=US,[email protected] self signed certificate

51111

PE Registry server

Certificate 0 CN=Lisa,OU=Lisa,O=Lisa,L=Dallas,ST=Texas,C=US,[email protected] self signed certificate

1505

SV Portal VSE server

Certificate 0 CN=Lisa,OU=Lisa,O=Lisa,L=Dallas,ST=Texas,C=US,[email protected]  is a self signed certificate.

1507

DEVTEST 10.7.2

N/A

You may remove webreckeys.ks, and any mention of webreckeys.ks being used in the properties files; and use your own certificates wherever default certs are used. 

This includes:

iam.properties

dradis.properties

local.properties

phoenix.properties

site.properties

We know that the vulnerabilities will be remediated with 10.8.0. However we have no further remediation steps for 10.7.2