L8L1

**Name of the Vulnerable Software and Affected Versions** Yonyou space-time enterprise information integration platform versions 9.0 and earlier **Description** The issue allows an attacker to obtain sensitive information via the `gwbhAIM` parameter in the "saveMove.jsp" file located in the "hr position" directory. This is achieved through a SQL injection attack. **Recommendations** For versions 9.0 and earlier, consider restricting access to the "saveMove.jsp" file in the "hr position" directory to minimize the risk of exploitation. Avoid using the `gwbhAIM` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.