Irina Belyaeva

Researcher from Jet Infosystems
#13871 of 53,633
19.4 Total CVSS
Vulnerabilities · 3 (Medium: 2, High: 1)
PT-2022-12954 · CVSS 6.5 · 2022-02-10
Palo Alto Networks · GlobalProtect · CVE-2022-0018
**Name of the Vulnerable Software and Affected Versions**

- Palo Alto Networks GlobalProtect app versions 5.1 through 5.1.9 on Windows and MacOS
- Palo Alto Networks GlobalProtect app versions 5.2 through 5.2.8 on Windows and MacOS

**Description**

An information exposure issue exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS. When the Single Sign-On feature is enabled, the credentials of the local user account are sent to the GlobalProtect portal. This behavior is intentional and poses no security risk when connecting to trusted portals with the same Single Sign-On credentials. However, when the credentials are different, the local account credentials are inadvertently sent for authentication.

This issue is a concern for Bring-Your-Own-Device (BYOD) clients with private local user accounts, or when the app is used to connect to different organizations. A third-party MITM attacker cannot see these credentials in transit.

**Recommendations**

- For GlobalProtect app versions 5.1 through 5.1.9 on Windows and MacOS, update to version 5.1.10 or later to prevent the transmission of local user credentials to the target GlobalProtect portal.
- For GlobalProtect app versions 5.2 through 5.2.8 on Windows and MacOS, update to version 5.2.9 or later to prevent the transmission of local user credentials to the target GlobalProtect portal.
- As a temporary workaround, consider disabling the Single Sign-On feature in the GlobalProtect portal configuration until a patch is available.