The Manager tool is triggering the error "Potential SQL injection attack by brute-force" during normal operations.
The most frequent warnings/errors are raised while opening business role objects (it does not happen while opening Employees, Departments, Locations, CostPools).
This is related to extended attributes and Manager trying to find if there are any extended attributes to be displayed for the object.
Error message:
"Potential SQL injection attack by brute-force, adding time penalty of 00:00:04.1320000,
WHERE clause: ((UID_ExtendedAttribute in (select UID_ExtendedAttribute from ObjectHasExtendedAttribute
where ObjectKeyOfObject like '%4a283745-60ce-4457-98a8-e474fae774ee%')))"
Steps to reproduce the error:
1. Have at least two business roles
2. Create extended attribute (it does not need to be connected to anything).
3. Open the business role objects repeatedly in the overview mode.
4. After 6-7 business roles the warning appears in the error log of the manager and significant performance drop can be seen (due to query time penalty)
The Application Server log may also report the following error:
"2020-11-18 19:42:41.8205 ERROR ( ObjectLog rhdaz1wjdfrzvwxryvqxombe) : SQL injection by brute force attack detected in WHERE clause: (filename in (N'Update.zip', N'Update.exe', N'VI.Base.dll', N'NLog.dll', N'Newtonsoft.Json.dll', N'InstallManager.Msi.dll', N'InstallManager.Core.dll')) or (filename like N'___.Update.dll')"
This is a product defect (32170).
WORKAROUND
None.
STATUS
This will be fixed in a future release of the product. If you require this immediately corrected, please contact Support for a hotfix referencing the defect ID 32170.
Please note: this has been addressed in version 8.1.2: Resolved issues.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center