(no title)

My CVSS score for this is as follows:

CVSSv3.1:AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (I said "Low" integrity issues, and "Low" availability issues, since I don't know if the DOS issue is real)

That reads out to a "Medium" CVE.

I have, in the past, worked with some banks, and they want all 4+ CVSSv3 CVEs enumerated and either remediated or for a plan to be in place to remediate them.

Maybe you're significantly better than I am at this, but I am hesitant to look at any CVE and say it's not a problem with how I have configured my software. Unless I have really deeply looked into the issue, I get really nervous saying a CVE is not going to affect my software.