Medium severity6.5NVD Advisory· Published Nov 19, 2016· Updated Jun 17, 2026
CVE-2016-9149
CVE-2016-9149
Description
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*range: >=5.0.0,<5.0.20
- (no CPE)range: <5.0.20, <5.1.13, <6.0.15, <6.1.15, <7.0.11, <7.1.6
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/94401nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037379nvdThird Party AdvisoryVDB Entry
- security.paloaltonetworks.com/CVE-2016-9149nvd
News mentions
0No linked articles in our index yet.