Dell One Identity Manager 7.X – SQL injection vulnerability in password synchronization web service

Dell One Identity Manager 7.X – SQL injection vulnerability in password synchronization web service

An authenticated attacker is able to exploit a SQL injection vulnerability in the Password Synchronization SOAP web service operation: GetListObject. This could allow an attacker to access and potentially manipulate data stored within the database; in addition to rendering it unavailable, causing a denial of service condition or exfiltration of sensitive information such as account details and domain password hashes.

Read more at – Dell One Identity Manager 7.X – SQL injection vulnerability in password synchronization web service

Allidm Identity Access Management Post Image

Tags: , ,