Troubleshooted this problem with Max. Root cause is the ClowdApp did not have its 'webServices' and "APP_NAME" section set up correctly to route requests to the vulnerability internal admin API when running in ephemeral