Palo Alto Networks Security Advisories / PAN-SA-2016-0022

PAN-SA-2016-0022 Remote Text File Access on Traps Endpoint Server Management


047910
Severity 7.5 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE
JSON CSAF
Published 2016-08-25
Updated 2016-08-25
Reference CYV-8717, PAN-SA-2016-0022

Description

The Traps ESM Server license mechanism allows for remote license validation. The unintended ability to download text files using this subsystem was recently identified. (Ref # CYV-8717).

This vulnerability can be used to remotely retrieve text files stored on the Traps ESM.

This issue affects Traps ESM Core version 3.3.3 and earlier

Product Status

VersionsAffectedUnaffected
Traps ESM Core 3.3<= 3.3.3>= 3.3.4

Severity: HIGH

CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Solution

Traps ESM Core version 3.3.4 and later

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks thanks Chen ChingRu for discovering and reporting the issue.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.