← Back

CVE-2016-9149

nvd nist
Published: Nov 19, 2016Modified: May 6, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.

Affected (6)

Paloaltonetworks
1 product
Pan Os
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Paloaltonetworks
Pan Os
From 5.0.0 to 5.0.20
Pan Os
From 5.1.0 to 5.1.13
Pan Os
From 6.0.0 to 6.0.15
Pan Os
From 6.1.0 to 6.1.15
Pan Os
From 7.0.0 to 7.0.11
Pan Os
From 7.1.0 to 7.1.6

Related CWEs

CWE-19
CWE-19

References (6)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.