SQL injection detection during ADSGroup update job
说明
Updates to an ADSGroup within Identity Manager results in the ADHOC update job freezing in the job queue with the following error:
SQL injection by brute force attack detected in WHERE clause: (UID_DPRNamespace in (select UID_DPRNamespace from DPRNamespace where (Ident_DPRNamespace = N'ADS') or (AdditionalSystemTypes like N'%ADS%'))) and (ObjectKeyBase = '<Key><T>ADSGroup</T><P>group guid</P></Key>')
原因
Product defect
解决办法
WORKAROUND: Follow the steps below to lower the calculated risk in Designer.
Login to Designer with an applicable account
Click on Edit configuration parameters
Expand QBM\SQLCheck\RiskEvaluation
Set the value to Low
Click on Commit to database
Click the Save button
STATUS: Issue fixed in version in 8.2.1. The latest version of Identity Manager can be downloaded here