XML injections

XML injection issues occur when an attacker modifies the SOAP request to send malicious input to the web service. For example, an attacker might modify user provisioning SOAP messages sent to the User Management Interface to create a false study user. The attacker can then use the false user's credentials to log in to the study and view or modify sensitive data. Web service client developers must encode and validate XML content processed by the client application. To adhere to defense-in-depth security principles, any XML blocks in the SOAP request created by the client for the User Management Interface should enforce XML encoding and validate the XML source.
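The following added example, which is not code from the product documentation, contrasts an unencoded XML block with an encoded and validated one and parses each result to show what the receiving service would see. The element names (`Users`, `User`, `Name`, `Study`), the allow-list pattern and the sample value are assumptions constructed for illustration; the real User Management Interface schema is not shown on this page.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Hypothetical element names: the real provisioning schema is not shown on the page.
TEMPLATE = "<Users><User><Name>{name}</Name><Study>{study}</Study></User></Users>"

# Assumed allow-list for field values; adjust to the naming policy in use.
FIELD_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def build_unencoded(name, study):
    """Weak form: values are pasted into the XML as-is."""
    return TEMPLATE.format(name=name, study=study)


def build_encoded(name, study):
    """XML-encode each value so <, > and & stay character data."""
    return TEMPLATE.format(name=escape(name), study=escape(study))


def build_validated(name, study):
    """Defense in depth: reject values outside the allow-list, then encode."""
    for value in (name, study):
        if not FIELD_RE.fullmatch(value):
            raise ValueError(f"rejected field value: {value!r}")
    return build_encoded(name, study)


def user_names(xml_block):
    """Parse the block and return the Name of every User element in it."""
    root = ET.fromstring(xml_block)
    return [user.findtext("Name") for user in root.findall("User")]


# Constructed input: a name field that carries markup instead of plain text.
SAMPLE_NAME = "alice</Name><Study>S1</Study></User><User><Name>extra"

if __name__ == "__main__":
    print(user_names(build_unencoded(SAMPLE_NAME, "S1")))  # two User elements
    print(user_names(build_encoded(SAMPLE_NAME, "S1")))    # one User, name kept as text
    try:
        build_validated(SAMPLE_NAME, "S1")
    except ValueError as exc:
        print(exc)
```

Encoding alone keeps the document structure intact, but the odd value still reaches the service as a user name; the allow-list check stops it at the client, which is why the two controls are applied together.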
