CVE-2016-9149

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
paloaltonetworkspan-os
5.0.0 ≤
𝑥
< 5.0.20
paloaltonetworkspan-os
5.1.0 ≤
𝑥
< 5.1.13
paloaltonetworkspan-os
6.0.0 ≤
𝑥
< 6.0.15
paloaltonetworkspan-os
6.1.0 ≤
𝑥
< 6.1.15
paloaltonetworkspan-os
7.0.0 ≤
𝑥
< 7.0.11
paloaltonetworkspan-os
7.1.0 ≤
𝑥
< 7.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94401
http://www.securitytracker.com/id/1037379
https://security.paloaltonetworks.com/CVE-2016-9149
http://www.securityfocus.com/bid/94401
http://www.securitytracker.com/id/1037379
https://security.paloaltonetworks.com/CVE-2016-9149