Each year our security/audit team tests various vendor products to see if they can find any issues, vulnerabilities, or things of concern. Recently, they tested the Web Viewer and flagged items for review.
Insecure Configuration Management: Hidden Directories Found. 
The application has exposed the presence of a directory in the site. Although the directory does not list its content, the information may help an attacker to develop further attacks against the site.
https://<server name>."domain".com:ppppp/manager

• Output Management Web Viewer 12.1
• Apache Tomcat®

Upon review, the reported vulnerabilities are not in the Web Viewer application, but rather in the Apache Tomcat Manager. The Tomcat Manager or specific directories with in it may be deleted if it is a problem. Web Viewer does not require the Tomcat Manager.