Symptom
While creating/editing a goal, when SQL statement-liked strings are used e.g. select X from, goal cannot be saved and throws error:
- "Forbidden"
- "The operation you requested is unavailable. Please try again or contact your administrator"
Environment
SAP SuccessFactors Goal Management
Reproducing the Issue
1. Login to instance > navigate to Goals
2. Click on create a goal or edit an existing one
3. Enter select X from in field
4. Goal cannot be saved and throws error "Forbidden" or "The operation you requested is unavailable. Please try again or contact your administrator"
Cause
The root cause of this issue is the presence of a SQL Statement-liked string "select x from", in the request body. The WAF interprets it as a SQL Injection attack and blocks the request.
Resolution
SQL statement-liked strings are not supported. We recommend avoiding the use of such terms.
Keywords
goal, error, forbidden, text error, SQL, SQL statement-liked string, create goal, edit goal, text , KBA , LOD-SF-GM-TMP , Template Management , LOD-SF-GM , Goal Management , Problem