Talk to your scanner provider. It's 2025, generic failures aren't acceptable, they must provide something that identifies the actual problem, ideally a CVE or a vendor information page regarding the identified problem.
In this case, check smb.conf, the global stanza should have:
client signing = required
server signing = mandatory
------------------------------
José Pina Coelho
IT Specialist at Kyndryl
------------------------------
Original Message:
Sent: Wed October 29, 2025 03:10 AM
From: goverdhana musunuri
Subject: FIX for "SMB signing is not required" vulnerability
Hi Ayappan
Samba configured on the AIX 7.2 servers for CIFS mounts. Our scanner not provided any CVE. But, I checked with IBM for remediation for this vulnerability. They mentioned that there is no direct support other than forums.
Regards
Goverdhana
------------------------------
goverdhana musunuri
Original Message:
Sent: Tue October 28, 2025 09:17 AM
From: Ayappan P
Subject: FIX for "SMB signing is not required" vulnerability
Please be more clear here. What is the CVE and which product is affected by it ?
------------------------------
Ayappan P
Original Message:
Sent: Tue October 28, 2025 07:12 AM
From: goverdhana musunuri
Subject: FIX for "SMB signing is not required" vulnerability
Hello All
I need vulnerable fix for the "SMB signing is not required" on AIX. Please help
------------------------------
goverdhana musunuri
------------------------------