IBM / ibm-cos-sdk-java


SAST: Cryptography.NonStandard

buddhadevdg opened this issue · comments

Description
The application uses a non-standard cryptographic algorithm. Cryptographic algorithms are the methods by which data is scrambled. There are a small number of well understood and heavily studied algorithms that should be used by most applications. It is quite difficult to produce a secure algorithm, and even high profile algorithms by accomplished cryptographic experts have been broken. The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected.
Use only standard cryptographic algorithms such as Triple DES and Blowfish. For a hash algorithm, SHA-1 is preferred. MD5 is still quite widely used, although recent research has demonstrated several theoretical weaknesses, and it should therefore be avoided.

The ibm-cos-sdk-java is a fork of the AWS SDK for Java (version 1).

So, your scanning tool identified a “problematic” line, but it is right from (even) the most recent version of the AWS SDK for Java: https://github.com/aws/aws-sdk-java/blob/master/aws-java-sdk-s3/src/main/java/com/amazonaws/services/s3/internal/crypto/CipherLite.java#L70.

Looking around at this code, it implies (at least to me) that the use of a null cipher is intentional as it’s in a class called "cipher lite". I don’t think the author cared that the cipher was a weak cipher.

If the line must be changed per your team's process, I recommend opening an issue upstream at https://github.com/aws/aws-sdk-java/issues. If and when the AWS SDK developers get to it, that patch will eventually make its way downstream into ibm-cos-sdk-java per the ibm-cos-sdk-java release process.
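The reply above says the flagged line uses a null cipher on purpose. The following is an added example, not code from ibm-cos-sdk-java or the AWS SDK, and it assumes the "null cipher" in question is the JCE's javax.crypto.NullCipher (the thread does not name the class). It shows why a scanner reports it as a non-standard algorithm: NullCipher is an identity transform that needs no key and returns the plaintext unchanged, so the triage question is not "is this cipher weak?" but "can this instance ever be selected for data that must be encrypted?". For contrast it runs the same bytes through AES-GCM, and it includes the guard a reviewer would want around any null-cipher sentinel: refuse to pass identity output off as ciphertext. The class name, method names and the sample body are all made up for the demo; AES-256 assumes a JDK where the unlimited-strength policy is the default (8u161 and later).

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NullCipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical demo class; not part of the SDK.
public class NullCipherDemo {

    // javax.crypto.NullCipher is an identity transform: no key, no init(),
    // and its "ciphertext" is byte-for-byte the plaintext. This is the kind
    // of construct a SAST rule like Cryptography.NonStandard reports.
    static byte[] throughNullCipher(byte[] plaintext) throws Exception {
        Cipher nullCipher = new NullCipher();
        return nullCipher.doFinal(plaintext);
    }

    // Real encryption for contrast: AES-GCM with a caller-supplied 96-bit
    // nonce and a 128-bit authentication tag.
    static byte[] throughAesGcm(SecretKey key, byte[] nonce, byte[] plaintext) throws Exception {
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        return aes.doFinal(plaintext);
    }

    // The check a reviewer wants around a null-cipher sentinel: a code path
    // that promises encryption must fail closed if it is handed the identity
    // cipher instead of an initialized real one.
    static byte[] requireRealEncryption(Cipher cipher, byte[] plaintext) throws Exception {
        if (cipher instanceof NullCipher) {
            throw new IllegalStateException("null cipher selected for data that must be encrypted");
        }
        return cipher.doFinal(plaintext);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input for the demo.
        byte[] plaintext = "constructed sample object body".getBytes(StandardCharsets.UTF_8);

        byte[] viaNull = throughNullCipher(plaintext);
        System.out.println("NullCipher output equals input: " + Arrays.equals(plaintext, viaNull));

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);

        byte[] viaAes = throughAesGcm(key, nonce, plaintext);
        System.out.println("AES-GCM output equals input:    " + Arrays.equals(plaintext, viaAes));
        System.out.println("AES-GCM output length (plaintext + 16-byte tag): " + viaAes.length);

        // The guard accepts an initialized AES cipher ...
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        System.out.println("guarded AES-GCM bytes: " + requireRealEncryption(aes, plaintext).length);

        // ... and rejects the identity cipher.
        try {
            requireRealEncryption(new NullCipher(), plaintext);
        } catch (IllegalStateException e) {
            System.out.println("guard rejected NullCipher: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac NullCipherDemo.java && java NullCipherDemo`. The point for triaging the finding: a null cipher is harmless as a "no transformation" placeholder and dangerous only if it can be chosen where callers expect confidentiality, so the review should follow the selection logic that picks the cipher instance rather than the line that constructs it.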