A vulnerability scan found that the machine that has the OC Server on it shows that 'CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')' vulnerability present.

UIM 23.4 GA version through CU3/CU6

CWE-89 vulnerability will be resolved in UIM 23.4.7 (aka 23.4 CU7).  Currently we are targeting the early March 2026 for this release (subject to change).

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): https://cwe.mitre.org/data/definitions/89.html