Many things in the security field are relative, meaning they depend on context.
In your case the exception may contain some sensitive data. Only you can decide if this is a weakness or not. A few examples:
- If the exception text contains people's names, addresses, or account numbers, this may be a security issue in some cases. Normally we don’t want to have such data in the logs.
- If the exception text contains a generic statement like “User A has no permission for operation B”, this is usually a safe text.
- If the exception text is technical like “NullPointerException”, it is safe.
Also, the exception text can contain a stack trace. In some cases disclosing it may be a weakness. For instance, if it contains information about classes and line numbers, it may be possible to find out what version of what library is used. If there is a known security issue in this library version, this can be used for an attack. Again, even if there is such a bug, it can be that the exploit requires very specific preconditions, and maybe you are safe in your case.
Consider such findings not as a problem, but as a hint that there may be a problem. Analyze it, estimate the risks, and decide if the risks are acceptable.
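
One way to log an exception without user data or stack-trace details, as an added example that is not part of the original answer. The class name `SafeExceptionLog`, the two regular expressions and the sample exceptions are assumptions constructed for this illustration.

```java
import java.util.regex.Pattern;

// Added example: renders a Throwable for logging without user data or stack frames.
public class SafeExceptionLog {
    // Assumed patterns for sensitive values; adjust them to the data your application handles.
    private static final Pattern EMAIL = Pattern.compile("[\\w.+-]+@[\\w-]+(\\.[\\w-]+)+");
    private static final Pattern LONG_DIGITS = Pattern.compile("\\b\\d{8,}\\b"); // account-number-like

    /** Replaces values matching the assumed sensitive patterns with a fixed marker. */
    static String redact(String message) {
        if (message == null) {
            return "";
        }
        String out = EMAIL.matcher(message).replaceAll("[REDACTED]");
        return LONG_DIGITS.matcher(out).replaceAll("[REDACTED]");
    }

    /** Exception class plus redacted message for each cause in the chain; no classes' line numbers. */
    static String describe(Throwable t) {
        StringBuilder sb = new StringBuilder();
        int depth = 0;
        // The depth limit guards against very long or cyclic cause chains.
        for (Throwable cur = t; cur != null && depth < 5; cur = cur.getCause(), depth++) {
            if (depth > 0) {
                sb.append(" <- caused by ");
            }
            sb.append(cur.getClass().getSimpleName());
            String msg = redact(cur.getMessage());
            if (!msg.isEmpty()) {
                sb.append(": ").append(msg);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample exceptions covering the three cases listed in the answer.
        Throwable[] samples = {
            new IllegalStateException("Transfer failed for account 1234567890, owner jane.doe@example.com"),
            new SecurityException("User A has no permission for operation B"),
            new RuntimeException("lookup failed", new NullPointerException())
        };
        for (Throwable t : samples) {
            System.out.println(describe(t));
        }
    }
}
```

Free-text values such as personal names cannot be matched reliably by patterns like these, so the dependable fix for them is to keep them out of exception messages in the first place.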