{"id":4725,"date":"2015-12-10T16:26:49","date_gmt":"2015-12-10T22:26:49","guid":{"rendered":"http:\/\/allidm.com\/blog\/?p=4725"},"modified":"2015-12-10T16:26:49","modified_gmt":"2015-12-10T22:26:49","slug":"dell-one-identity-manager-7-x-sql-injection-vulnerability-in-password-synchronization-web-service","status":"publish","type":"post","link":"https:\/\/allidm.com\/blog\/dell-one-identity-manager-7-x-sql-injection-vulnerability-in-password-synchronization-web-service\/","title":{"rendered":"Dell One Identity Manager 7.X &#8211; SQL injection vulnerability in password synchronization web service"},"content":{"rendered":"<h2>Dell One Identity Manager 7.X &#8211; SQL injection vulnerability in password synchronization web service<\/h2>\n<p>An authenticated attacker is able to exploit a SQL injection vulnerability in the Password Synchronization SOAP web service operation: GetListObject. This could allow an attacker to access and potentially manipulate data stored within the database; in addition to rendering it unavailable, causing a denial of service condition or exfiltration of sensitive information such as account details and domain password hashes.<\/p>\n<p>Read more at &#8211; <a href=\"https:\/\/support.software.dell.com\/identity-manager\/kb\/183500\" target=\"_blank\">Dell One Identity Manager 7.X &#8211; SQL injection vulnerability in password synchronization web service<\/a><\/p>\n<p><a href=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2015\/11\/Allidm-IdentityAccessManagement.png\"><img data-recalc-dims=\"1\" decoding=\"async\" data-attachment-id=\"4613\" data-permalink=\"https:\/\/allidm.com\/blog\/logmote-has-launched-its-unified-authentication-single-sign-on-sso-solution-into-the-global-security-market\/allidm-identityaccessmanagement\/#main\" data-orig-file=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2015\/11\/Allidm-IdentityAccessManagement.png?fit=10%2C10&amp;ssl=1\" data-orig-size=\"10,10\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Allidm Identity Access Management Post Image\" data-image-description=\"&lt;p&gt;Identity and Access Management Post Image&lt;\/p&gt;\n\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2015\/11\/Allidm-IdentityAccessManagement.png?fit=10%2C10&amp;ssl=1\" loading=\"lazy\" src=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2015\/11\/Allidm-IdentityAccessManagement.png?resize=10%2C10\" alt=\"Allidm Identity Access Management Post Image\" width=\"10\" height=\"10\" class=\"alignnone size-full wp-image-4613\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dell One Identity Manager 7.X &#8211; SQL injection vulnerability in password synchronization web service An authenticated attacker is able to exploit a SQL injection vulnerability in the Password Synchronization SOAP web service operation: GetListObject. This could allow an attacker to access and potentially manipulate data stored within the database; in addition to rendering it unavailable, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[88,75,43],"tags":[1382,883,1478],"class_list":["post-4725","post","type-post","status-publish","format-standard","hentry","category-identity-space","category-quest-identity-management","category-iam-identity-solutions","tag-iam-d1im","tag-iam-vulnerability","tag-identity-manager-7-vulnerability"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p25vfy-1ed","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/4725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/comments?post=4725"}],"version-history":[{"count":1,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/4725\/revisions"}],"predecessor-version":[{"id":4726,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/4725\/revisions\/4726"}],"wp:attachment":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/media?parent=4725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/categories?post=4725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/tags?post=4725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}