Please describe your problem. We had an Internal Vulnerability Assessment performed by a large third party service provider. They advised us to remove the PHPBB completely as it has several threats. They also advised to install the latest version (3.0.10) and for a rescan. Rescan also notified that there are security threats.
You need to better define "security threat" as it relates to your work environment.
As an example some companies would consider anyway to remove proprietary data a security treat. In cases like this anyone with a usb stick would fit, as well as anyway to email data outside the work environment.
As you were told we have no security exploits to users but to us that means no exploitable code from other web users (I'm not including anything you could have added on here). But if you look back at my example phpbb3 could be called a "Vulnerability" in that case because of it's ability to email. Simply disabling/removing the email feature would make it ok in that case.
Maybe if you could give us a better guide line someone could have a solution for you.