Security scans of 2018.1 and earlier may show the following vulnerabilities reported in Drupal:
CVE-2019-6338 - Drupal is prone to a remote PHP object-injection vulnerability.
CVE-2019-6339 - Drupal is prone to a remote code-execution vulnerability.
Drupal was used by 2018.1 and earlier to serve product documentation for offline usage.
Release : 2018.1
2018.1 is end of life and no longer supported. The recommendation is to update to the newest version of on-premise which no longer uses Drupal
If upgrading is not possible, the workaround is to delete the directory or set permissions to deny access to all users:
# chmod 000 /var/www/html/help
# rm -rf /var/www/html/help