Tomas Rzepka

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks GlobalProtect app versions earlier than 5.1.9 on Windows Palo Alto Networks GlobalProtect app versions earlier than 5.2.8 on Windows Palo Alto Networks GlobalProtect app versions earlier than 5.2.8 on the Universal Windows Platform Palo Alto Networks GlobalProtect app versions earlier than 5.3.1 on Linux **Description** A stack-based buffer overflow issue exists in the GlobalProtect app, allowing a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. **Recommendations** For versions earlier than 5.1.9 on Windows, update to version 5.1.9 or later. For versions earlier than 5.2.8 on Windows, update to version 5.2.8 or later. For versions earlier than 5.2.8 on the Universal Windows Platform, update to version 5.2.8 or later. For versions earlier than 5.3.1 on Linux, update to version 5.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** App Studio (millicore) (affected versions not specified) **Description** The issue allows for server side request forgery (SSRF) through the external request API call. This could enable an attacker to probe internal network resources and access restricted endpoints. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advanced Productivity Software DTE Axiom versions prior to 12.3.3 **Description** The issue allows remote attackers to bypass authentication and read or modify data about users, customers, and projects. This is due to the lack of validation of the registration ID. **Recommendations** For versions prior to 12.3.3, update to version 12.3.3 or later to resolve the issue.