SQL injection getting triggered for native service calling

Debapriyo_Dasgupta1 · April 29, 2022, 7:41am

Hello Experts,

APIGateway Version (10.5.0.0) IS_10.5_Core_Fix13

With customer license

We are trying to enable SQL injection threat protection policy. We are choosing “Standard SQL injection protection” and keeping parameters as empty.

Once enabled, we started getting SQL injection alert for a REST call for native IS component
invoke/wm.server.admin:getServerHost

Any idea why we are getting this? We are not putting any explicit payload that might have any XML tags.

Thanks a lot in advance for your usual support.

Debapriyo_Dasgupta1 · May 7, 2022, 3:20pm

Any suggestions or comments experts?

system · August 5, 2022, 3:21pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
API Gateway SQL Injection Filter webMethods , API-Management , API-Gateway	5	714	April 20, 2024
SQL Injection Protection Filter Knowledge base webMethods , API-Management , API-Gateway	4	3077	October 5, 2023
Conditional Error processing webMethods , API-Management , API-Gateway	4	2312	April 2, 2021
Where can I find security features of CAF, MWS and IS webMethods? webMethods , Integration-Server-and-ESB , Adapters-and-E-Standards , Flow-and-Java-services , API-Management , SOA	2	1023	March 5, 2024
APIGW is not accepting square brackets in request data webMethods , API-Management , API-Gateway	3	572	December 6, 2023