A security scan may identify a CWE-284 (Improper Access Control) vulnerability, specifically related to Broken Object Level Authorization (BOLA), within the DX Unified Infrastructure Management (UIM) backend API.
DX UIM Operator Console 23.4.7 and earlier
The backend validation layer correctly verifies the data type of incoming parameters (e.g., ensuring a value is an integer) but does not strictly enforce boundary or range constraints. This allows a user to provide technically valid data types that fall outside the authorized or expected functional range for a specific object.
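The gap described above, shown as an added example (not code from DX UIM or Broadcom): a type-only validator beside one that also enforces bounds. It goes one step beyond range checking by adding a per-object authorization check, and the parameter names, limits and ownership map are all hypothetical.

```python
import re
from dataclasses import dataclass

class ValidationError(ValueError):
    """Parameter rejected before it reaches business logic."""

@dataclass(frozen=True)
class IntRule:
    minimum: int
    maximum: int

# Hypothetical parameter names and limits (assumptions, not UIM's real API).
RULES = {"page_size": IntRule(1, 500), "device_id": IntRule(1, 2**31 - 1)}
# Constructed sample data: object ids each account is entitled to read.
ALLOWED_OBJECTS = {"alice": {101, 102}, "bob": {205}}
_INT_RE = re.compile(r"-?[0-9]{1,10}")  # ASCII digits only, bounded length

def parse_int(raw):
    """Type check only: accept an int or a plain decimal string."""
    if isinstance(raw, bool):  # bool is an int subclass in Python
        raise ValidationError("boolean is not an integer")
    if isinstance(raw, int):
        return raw
    if isinstance(raw, str) and _INT_RE.fullmatch(raw):
        return int(raw)
    raise ValidationError(f"not an integer: {raw!r}")

def validate_type_only(name, raw):
    """The weak pattern: any well-formed integer passes."""
    return parse_int(raw)

def validate_strict(name, raw, user):
    """Type, then range, then per-object authorization for the caller."""
    rule = RULES.get(name)
    if rule is None:
        raise ValidationError(f"unknown parameter: {name}")
    value = parse_int(raw)
    if not rule.minimum <= value <= rule.maximum:
        raise ValidationError(f"{name}={value} outside {rule.minimum}..{rule.maximum}")
    if name == "device_id" and value not in ALLOWED_OBJECTS.get(user, set()):
        raise PermissionError(f"{user} may not access device {value}")
    return value

def check(name, raw, user):
    """Return 'ok', 'rejected' or 'forbidden' for the strict validator."""
    try:
        validate_strict(name, raw, user)
        return "ok"
    except ValidationError:
        return "rejected"
    except PermissionError:
        return "forbidden"
```

Rejections from `validate_strict` are worth logging with the caller's identity, since repeated out-of-range or forbidden values from one account are a useful detection signal.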
A fix to enforce strict range and boundary validation for API parameters is planned for inclusion in DX UIM 23.4 Cumulative Update 8 (CU8).
The tentative release for CU8 is scheduled for July 2026 (subject to change).