반품
-
제목
SQL injection detection during ADSGroup update job -
설명
Updates to an ADSGroup within Identity Manager results in the ADHOC update job freezing in the job queue with the following error:
SQL injection by brute force attack detected in WHERE clause: (UID_DPRNamespace in (select UID_DPRNamespace from DPRNamespace where (Ident_DPRNamespace = N'ADS') or (AdditionalSystemTypes like N'%ADS%'))) and (ObjectKeyBase = '<Key><T>ADSGroup</T><P>group guid</P></Key>') -
원인
Product defect -
해결 방안
WORKAROUND:
Follow the steps below to lower the calculated risk in Designer.- Login to Designer with an applicable account
- Click on Edit configuration parameters
- Expand QBM\SQLCheck\RiskEvaluation
- Set the value to Low
- Click on Commit to database
- Click the Save button
Issue fixed in version in 8.2.1. The latest version of Identity Manager can be downloaded here -
변경 요청
35356 -
추가 정보
Defect 35356 affects 8.2