Vulnerability Name: CVE-2016-4999 (CCN-116255)
Assigned: 2016-08-05
Published: 2016-08-05
Updated: 2021-04-27
Summary: SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
CVSS v3 Severity:
- 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- 9.4 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)
- 9.4 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-89
Vulnerability Consequences: Data Manipulation
References:
- Source: MITRE; Type: CNA; CVE-2016-4999
- Source: CCN; Type: Red Hat JBoss BPM Suite Web Site; Red Hat JBoss BPM Suite
- Source: CCN; Type: RHSA-2016-1428; Important: Red Hat JBoss BRMS 6.3.1 security and bug fix update
- Source: CCN; Type: RHSA-2016-1429; Important: Red Hat JBoss BPM Suite 6.3.1 security and bug fix update
- Source: BID; Type: Third Party Advisory, VDB Entry; 91795
- Source: CCN; Type: BID-91795; Red Hat Dashbuilder CVE-2016-4999 SQL Injection Vulnerability
- Source: REDHAT; Type: Vendor Advisory; RHSA-2016:1428
- Source: REDHAT; Type: Vendor Advisory; RHSA-2016:1429
- Source: CCN; Type: Red Hat Bugzilla Bug 1349990 (CVE-2016-4999); CVE-2016-4999 Dashbuilder: SQL Injection on data set lookup filters
- Source: CONFIRM; Type: Issue Tracking; https://bugzilla.redhat.com/show_bug.cgi?id=1349990
- Source: XF; Type: UNKNOWN; jboss-dashbuilder-cve20164999-sql-injection(116255)
- Source: CONFIRM; Type: Third Party Advisory; https://github.com/dashbuilder/dashbuilder/commit/8574899e3b6455547b534f570b2330ff772e524b
- Source: CONFIRM; Type: Permissions Required; https://issues.jboss.org/browse/DASHBUILDE-113
- Source: CCN; Type: WhiteSource Vulnerability Database; CVE-2016-4999
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable