Bartłomiej Stasiek

**Name of the Vulnerable Software and Affected Versions** PeopleSoft Enterprise SCM eProcurement version 9.2 **Description** The issue is related to insufficient input validation in the Manage Requisition Status component. It allows a low-privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement, resulting in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data. **Recommendations** For version 9.2, update to a version that includes the fix for this issue, as the current version is affected by insufficient input validation in the Manage Requisition Status component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PeopleSoft Enterprise PT PeopleTools versions 8.56 through 8.57 **Description** The issue is related to insufficient input validation in the Health Center component of Oracle PeopleSoft Enterprise PT PeopleTools. This can be exploited by a remote attacker using the HTTP protocol, potentially impacting the confidentiality, integrity, and availability of protected information. Successful attacks may result in unauthorized access to update, insert, or delete data, as well as read access to a subset of data. Additionally, attacks may cause a partial denial of service. **Recommendations** For versions 8.56 and 8.57, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PeopleSoft Enterprise PeopleTools versions 8.56 through 8.58 **Description** The issue is related to insufficient input validation in the SQR component of PeopleSoft Enterprise PeopleTools. This allows a low-privileged attacker with network access via HTTP to compromise the application. Successful attacks can result in unauthorized access to data, including update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Additionally, it can cause a partial denial of service (DOS) of PeopleSoft Enterprise PeopleTools. **Recommendations** For versions 8.56, 8.57, and 8.58, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions 7.1.23 and earlier PAN-OS versions 8.0.18 and earlier PAN-OS versions 8.1.8-h4 and earlier PAN-OS versions 9.0.2 and earlier **Description** The issue is related to information disclosure in PAN-OS, which may allow an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API, possibly escalating privileges granted to them. This is due to a lack of protection for service data. **Recommendations** For PAN-OS versions 7.1.23 and earlier, update to a version later than 7.1.23 to resolve the issue. For PAN-OS versions 8.0.18 and earlier, update to a version later than 8.0.18 to resolve the issue. For PAN-OS versions 8.1.8-h4 and earlier, update to a version later than 8.1.8-h4 to resolve the issue. For PAN-OS versions 9.0.2 and earlier, update to a version later than 9.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the XML API until a patch is available.