A SQL injection vulnerability exists in Tenable Patch Management versions prior to 9.3.968.19 due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. Tenable has released Tenable Patch Management version 9.3.968.19 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/tenable-patch-management