When security teams report issues against AutoSys / EEM ports, it helps to obtain below information for additional analysis

• IP address / port name properly listed in the vulnerability / scan reports
  
  
• Type of vulnerability identified on the above port
  
  
• AutoSys / EEM  version/log/configurations from all the servers in question
  
  
• Output of commands similar to below against each server / port in question 
  Note: replace <ServerName>  by your server name in question and <portNumber> by appropriate port from the scan report above

openssl s_client -connect  <ServerName>:<portNumber> -tls1_2 -debug
openssl s_client -connect <ServerName>:<portNumber> -tls1_1 -debug
openssl s_client -connect <ServerName>:<portNumber> -tls1 -debug

# if applicable test 1.3 also
# openssl s_client -connect  <ServerName>:<portNumber> -tls1_3 -debug


nmap -sV --script ssl-enum-ciphers -p <portNumber>  <ServerName>

• If the concern is regarding specific files (a jar file for example) instead of a port, a report showing path to those files, version/concern noted helps too.