6.5

CVE-2016-9149

EPSS 0.25%
Veröffentlicht 19.11.2016 06:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Pan-os Version >= 5.0.0 < 5.0.20

Paloaltonetworks ≫ Pan-os Version >= 5.1.0 < 5.1.13

Paloaltonetworks ≫ Pan-os Version >= 6.0.0 < 6.0.15

Paloaltonetworks ≫ Pan-os Version >= 6.1.0 < 6.1.15

Paloaltonetworks ≫ Pan-os Version >= 7.0.0 < 7.0.11

Paloaltonetworks ≫ Pan-os Version >= 7.1.0 < 7.1.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.482

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

http://www.securityfocus.com/bid/94401

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037379

Third Party Advisory

VDB Entry

https://security.paloaltonetworks.com/CVE-2016-9149

https://nvd.nist.gov/vuln/detail/CVE-2016-9149

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9149

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9149

EUVD