Vulnerabilities > Redhat > Dashbuilder > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-4999 SQL Injection vulnerability in Redhat products
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
network
low complexity
redhat CWE-89
critical
 9.8
9.8