Security Analytics is not vulnerable, but the iDRAC and ME4 Web UI are.  We recommend disabling ssh in these interfaces. ssh is not used by the application or for support.

 

To disable ssh in the iDRAC, login to the iDRAC

For the iDRAC, login to the idrac and searched for the keyword ssh in the top right corner. This navigates directly to the Services -> SSH menu to Enable or Disable ssh.

For the ME4 storage login and select Home -> Action -> System Settings -> Services and deselect SSH.

 

These are the results from the Terrapin vulnerability scanner for the Security Analytics application -

./Terrapin_Scanner_Linux_amd64 -connect
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_8.0

ChaCha20-Poly1305 support:   false
CBC-EtM support:             false

Strict key exchange support: false

The scanned peer supports Terrapin mitigations and can establish
connections that are NOT VULNERABLE to Terrapin. 
For strict key exchange to take effect, both peers must support it.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit https://terrapin-attack.com

 

These are not supported but a quick test show that the instructions might work in some cases.