Symptom(s)
iTM SSH private keys reported as vulnerability:
C:\Motorola\iTMData\Database\server.key
C:\Motorola\iTMData.iTM.old\Database\server.key
C:\Program Files (x86)\Motorola\iTMServer\PostgreSQL\data\server.key
Issue
as above
Environment
TETRA, iTM 8.1
Resolution
No issue found, iTM working as designed
While investigating the problem, it turned out that the scan was a false positive because it diagnosed the SSL private key as an insecure SSH key and this is a completely different thing. The SSL private key is used for SSL encryption in the connection between the server and the database - this connection is only available on the localhost, so there is no risk in it being plaintext.
Microsoft Defender for Cloud documentation states that if scan is not able to successfully verify the key, then it is categorized as unverified like in this case.
https://learn.microsoft.com/
Similar case in the internet: https://my.f5.com/
We suggest deleting:
C:/Motorola/iTMData.
C:/Program Files(x86)/Motorola/iTMServer/
For the third file C:/Motorola/iTMData/