CVE-2016-4999
published 2016-08-05
critical 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | dashbuilder | <= 0.5.0 | — |
| redhat | jboss_bpm_suite | — | — |
| redhat | jboss_bpm_suite | — | — |
| redhat | jboss_bpm_suite | — | — |
| redhat | jboss_bpm_suite | — | — |
| redhat | jboss_bpm_suite | — | — |
| redhat | jboss_enterprise_brms_platform | — | — |
| redhat | jboss_enterprise_brms_platform | — | — |
| redhat | jboss_enterprise_brms_platform | — | — |
| redhat | jboss_enterprise_brms_platform | — | — |
| redhat | jboss_enterprise_brms_platform | — | — |
| redhat | jboss_enterprise_brms_platform | — | — |
| redhat | jboss_enterprise_brms_platform | — | — |
| redhat | jboss_enterprise_brms_platform | — | — |