After Migrating from 12.2.1.4 OBIEE (Oracle Business Intelligence Enterprise Edition) to OAS (Oracle Application Server) 5.9 Selecting Parameter in Data Model Generates SQLInjection Error: Invalid Parameter Value
(Doc ID 2849023.1)
Last updated on FEBRUARY 13, 2022
Applies to:
BI Publisher (formerly XML Publisher) - Version 12c and laterInformation in this document applies to any platform.
Symptoms
On : 12.2 version, Enterprise : Install / Upgrade
Oracle Analytics Publisher 12.2.5.9.0: SQLInjection Error
Migrated instance from OBIEE 12.2.1.4 to OAS 5.9 with Publisher 12.2.5.9.0.
This is related to data models with procedure call data sets.
This was worked prior to migrating.
In the Data Model for the report, define LOV (list of values) and Parameter.
Invalid error comes from the LOV string.
When selecting values, any values starting with insert or update in string fails.
For example:
The Department field has an LOV and has Parameters "Inside Prep" and "Insert Reclaiming" with LOV string.
After excluding these Parameters, the report is working fine.
However using insert or update in string generates the following error:
ERROR
-----------------------
Error:
SQLInjection Error: Invalid parameter value Insert Prep
Error Detail:
SQLInjection error: Invalid parameter value Insert Prep
Data Engine Log also shows:
STEPS
-----------------------
The issue can be reproduced at will with the following steps:
Log into Catalog -> Edit -> Select Data Model.
Select the Data Set.
Define LOV and Parameters -> Open -> View Data -> Select Parameter.
Error is observed.
Changes
Migrated from OBIEE 12.2.1.4 to OAS 5.9 with Publisher 12.2.5.9.0.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |