Injection

Injection vulnerabilities occur when data is sent into an interpreter via an interface specification and the party submitting the data does not check the data to ensure that only the expected actions are performed on the data by the interpreter.

Injections of the type SQL, code, command, log, path transversal (XML) are all possible, based on the interpreter used in the container.

Valid Content Types
SQL Injection
XML Injection
LDAP Injection

Parent topic: Addressing the Top Security Risks for Oracle Life Sciences IAMS APIs