The Flash cross-domain policy file defines how flash applications from other domains can interact with the domain hosting this policy file.
If this vulnerability was reported as low severity, it means that Probe.ly does not have the required context to determine the impact of this issue. You are allowing any arbitrary flash application running on any subdomain of your domain to make requests to your site and read its response. If you do not host any user-content on the subdomain specified in your policy then it is safe to ignore this vulnerability.
To fix this vulnerability you should consider if your application needs to be accessed by flash applications (.swf files). Few applications have this requirement.
If you don’t have this requirement, you can safely delete the file, thus fixing the vulnerability.
If you need the file, and you know which domains hosting flash files need to contact your application, you can whitelist those domains by listing each one in the file:
Only flash applications from these domains will be able to interact both-ways with your domain.
If you need arbitrary domains interacting with yours, you should consider hosting the endpoints that will be accessed in a isolated domain, different from the main one. Do not use a subdomain for this. With this isolation, you will be sure that requests from flash applications will not carry your main domain session cookies, and will not be able to access the account of the user.