SQL injection getting triggered for native service calling

, ,
1

Hello Experts,

What product/components do you use and which version/fix level?

APIGateway Version (10.5.0.0) IS_10.5_Core_Fix13

Are you using a free trial or a product with a customer license?

With customer license

What are trying to achieve? Please describe in detail.

We are trying to enable SQL injection threat protection policy. We are choosing “Standard SQL injection protection” and keeping parameters as empty.

image
image1183×232 11.9 KB

Once enabled, we started getting SQL injection alert for a REST call for native IS component
invoke/wm.server.admin:getServerHost

Any idea why we are getting this? We are not putting any explicit payload that might have any XML tags.

Thanks a lot in advance for your usual support.

Do you get any error messages? Please provide a full error message screenshot and log file.

Have you installed latest fixes for the products

2

Any suggestions or comments experts?

3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.