A vulnerability scan found that the machine that has the OC Server on it shows that CWE-522: Insufficiently Protected Credentials' vulnerability present.

UIM 23.4 GA version through CU2

CWE-522 vulnerability does not apply to UIM. UIM does not store user credentials directly. For authentication purposes, UIM utilizes JSON Web Tokens (JWT), which are stateless and do not involve storing sensitive user information in the system.

CWE-522: Insufficiently Protected Credentials: https://cwe.mitre.org/data/definitions/522.html