6.5
CVE-2016-9149
- EPSS 0.25%
- Published 19.11.2016 06:59:00
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.
Data is provided by the National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version >= 5.0.0 < 5.0.20
Paloaltonetworks ≫ Pan-os Version >= 5.1.0 < 5.1.13
Paloaltonetworks ≫ Pan-os Version >= 6.0.0 < 6.0.15
Paloaltonetworks ≫ Pan-os Version >= 6.1.0 < 6.1.15
Paloaltonetworks ≫ Pan-os Version >= 7.0.0 < 7.0.11
Paloaltonetworks ≫ Pan-os Version >= 7.1.0 < 7.1.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.482 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|