There are services which have network ports open, allowing external and internal connections to the application.  These might be perceived as vulnerabilities.

Scanning tools may be run on the server which identifies external vulnerabilities, from the inside of the firewall.

There is a firewall built into the application which prevents actual external access.  There are very few ports open to the outside network.  See Settings -> Security for the current configuration on your server and to review what is open to the network.