First published: Sat Nov 19 2016(Updated: )
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Paloaltonetworks Pan-os | >=5.0.0<5.0.20 | |
Paloaltonetworks Pan-os | >=5.1.0<5.1.13 | |
Paloaltonetworks Pan-os | >=6.0.0<6.0.15 | |
Paloaltonetworks Pan-os | >=6.1.0<6.1.15 | |
Paloaltonetworks Pan-os | >=7.0.0<7.0.11 | |
Paloaltonetworks Pan-os | >=7.1.0<7.1.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.