VYPR
Critical severity 9.8 · OSV Advisory · Published Aug 5, 2016 · Updated Jun 17, 2026

CVE-2016-4999

Description

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.

Affected products (17)

  • 0.5.0.Final (+ 1 more)
    • (no CPE), range: 0.5.0.Final
    • (no CPE), range: <0.6.0.Beta1
  • cpe:2.3:a:redhat:dashbuilder:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:redhat:dashbuilder:*:*:*:*:*:*:*:*, range: <=0.5.0
    • (no CPE), range: <0.6.0.Beta1
  • cpe:2.3:a:redhat:jboss_bpm_suite:6.0.0:*:*:*:*:*:*:* (+ 4 more)
    • cpe:2.3:a:redhat:jboss_bpm_suite:6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_bpm_suite:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_bpm_suite:6.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_bpm_suite:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_bpm_suite:6.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:* (+ 7 more)
    • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.3:*:*:*:*:*:*:*
