It shows severity level 4 on an exposed Web Configuration File. The configuration file that showed up on our vulnerability scan does not contain any sensitive data. Is it possible to downgrade the severity level in our environment? We tried a redirect in our Apache config file but without success. It's related to a Cognos application server but even our Cognos consultant who implemented it does not have a clue. Should we just create a variance or downgrade the severity?