The penetration team raised the concern below:
The adversary was able to find that the application uses Cipher Block Chaining (CBC) as its encryption mode, along with Public Key Cryptography Standards (PKCS5/PKCS7) padding. This configuration is known to be vulnerable to Padding Oracle attacks.
Recommendations:
It is recommended to use GCM (Galois Counter Mode).
Need help in removing the AES/CBC references.