The remote host is configured with default or easily-guessed credentials
The remote web server is running the Sybase SQL-Anywhere database server with default credentials. That is, the Sybase SQL Anywhere server ships with the default administrative credentials of 'dba/sql'. The PVS has just observed a user logging in using those credentials.
Change the credentials and require an encrypted login