Lucene search

Palo Alto Networks Product Security Incident Response TeamPAN-SA-2016-0001

HistoryFeb 23, 2016 - 8:00 a.m.

ESM Console XSS vulnerability

2016-02-2308:00:00

Palo Alto Networks Product Security Incident Response Team

securityadvisories.paloaltonetworks.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.8%

JSON

A cross-site scripting vulnerability exists in the web-based console management. This vulnerability has been assigned CVE-2015-2223.
This issue affects the management interface of Traps, where an authenticated administrator may be tricked into injecting malicious JavaScript into the web UI interface.
This issue affects Traps ESM Console version 3.2.1 and earlier

Work around:
No work around available.

CPENameOperatorVersion
traps esm consolelt3.1.5.3691
traps esm consolelt3.2.1.3559

CPE	Name	Operator	Version
	traps esm console	lt	3.1.5.3691
	traps esm console	lt	3.2.1.3559

References

security.paloaltonetworks.com/CVE-2015-2223

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.8%

JSON

Related for PAN-SA-2016-0001