A vulnerability scan found that the machine that has the OC Server on it shows that 'CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')' vulnerability present.

UIM 23.4 GA version through CU2

CWE-89 vulnerability will be resolved in UIM 23.4.3 (aka 23.4 CU3).  Currently we are targeting the end of 2024/Early 2025 for this release (subject to change).

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): https://cwe.mitre.org/data/definitions/89.html