Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2016-4999

Published: 05/08/2016 Updated: 27/04/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Dashbuilder

Vulnerability Summary

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder prior to 0.6.0.Beta1 allows remote malicious users to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat dashbuilder

redhat jboss bpm suite 6.0.0

redhat jboss bpm suite 6.0.1

redhat jboss bpm suite 6.0.3

redhat jboss bpm suite 6.1

redhat jboss bpm suite 6.1.2

redhat jboss enterprise brms platform 5.0.0

redhat jboss enterprise brms platform 5.3.1

redhat jboss enterprise brms platform 6.0.0

redhat jboss enterprise brms platform 6.0.1

redhat jboss enterprise brms platform 6.0.2

redhat jboss enterprise brms platform 6.0.3

redhat jboss enterprise brms platform 6.1

redhat jboss enterprise brms platform 6.3

Vendor Advisories

Red Hat: CVE-2016-4999
A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter ...

References

CWE-89https://access.redhat.com/errata/RHSA-2016:1429https://access.redhat.com/errata/RHSA-2016:1428https://issues.jboss.org/browse/DASHBUILDE-113http://www.securityfocus.com/bid/91795https://github.com/dashbuilder/dashbuilder/commit/8574899e3b6455547b534f570b2330ff772e524bhttps://bugzilla.redhat.com/show_bug.cgi?id=1349990https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2016-4999
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook