
Cisco ISE Vulnerability Information Disclosure (ROBOT Attack) - Unauthorized Write Operations

engahmedsaied
Level 1

Hello, we have ISE 1.2, and the infosec team ran a test and found these vulnerabilities. Please advise how to fix them.

 

1. Information Disclosure (ROBOT Attack)

 

Vulnerability allows attackers to extract the private session key, decrypt that session, and eavesdrop encrypted communications, by sending specially crafted packets to the web server repeatedly. CVE: None

 

Disable RSA encryption for the key exchange algorithm. By disabling RSA encryption we mean all ciphers that start with TLS_RSA. It does not include the ciphers that use RSA signatures and include DHE or ECDHE in their name. These ciphers are not affected by our attack. In case an update is available, it is recommended that interested users install the latest version of the software or firmware of their products. As a mitigation solution, it is suggested that system administrators disable on the servers, where possible, the TLS encryption methods using RSA. For more information on the ROBOT attack, on vulnerable TLS implementations and on the mitigation solution, you can consult the following external sources: http://www.kb.cert.org/vuls/id/144389 https://robotattack.org/

 

===========

 

2. Unauthorized Write Operations

 

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in read only mode, which allows attackers to create zero-length files. CVE: CVE-2017-15906

 

To fix the vulnerability update your software according to the used platform. All necessary information is available here: https://www.openssh.com/
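The rule quoted in the first finding (suites that start with TLS_RSA are affected, DHE/ECDHE suites that only use RSA signatures are not) can be applied mechanically to the list of cipher suites a scanner reports as accepted. The Python below is an added example, not part of the original post or of any Cisco tooling; the function names and the sample suite list are constructed for illustration, and it assumes the scanner reports IANA-style suite names.

```python
"""Triage accepted TLS cipher suites for ROBOT exposure (RSA key transport)."""


def classify_suite(name: str) -> str:
    """Classify one suite name as rsa-kx, ephemeral, tls13, other or unrecognized."""
    n = name.strip().upper()
    if not n.startswith(("TLS_", "SSL_")):
        # OpenSSL-style names such as "AES128-SHA" use RSA key exchange without
        # saying so in the name; never report them as safe automatically.
        return "unrecognized"
    body = n[4:]
    if "_WITH_" not in body:
        # Signalling values (..._SCSV) are not real suites; the remaining names
        # without _WITH_ are TLS 1.3 suites, which have no RSA key transport.
        return "other" if body.endswith("_SCSV") else "tls13"
    kx = body.split("_WITH_", 1)[0]
    if kx.startswith("RSA"):
        return "rsa-kx"      # TLS_RSA_*, including RSA_PSK and RSA_EXPORT
    if kx.startswith(("DHE_", "ECDHE_")):
        return "ephemeral"   # RSA here, if present, is only the signature
    return "other"           # static DH/ECDH, PSK, anonymous, Kerberos


def triage(accepted):
    """Group suite names by classification, preserving scan order."""
    report = {}
    for suite in accepted:
        report.setdefault(classify_suite(suite), []).append(suite)
    return report


# Constructed sample of what a scan result might list (not from the post).
SAMPLE_SCAN = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_AES_128_GCM_SHA256",
    "AES128-SHA",
]

if __name__ == "__main__":
    for kind, suites in triage(SAMPLE_SCAN).items():
        print(f"{kind}:")
        for s in suites:
            print(f"  {s}")
```

Suites reported under `rsa-kx` are the ones the finding asks to disable; anything under `unrecognized` needs to be mapped to its IANA name by hand before it is cleared.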

1 Reply

PT18
Level 1

Hi, did you find a solution to this? Was the vulnerability detected on network devices or ISE servers?