Vikas Khanna

**Name of the Vulnerable Software and Affected Versions** PeopleSoft Enterprise PRTL Interaction Hub version 9.1 **Description** The issue is related to insufficient input validation in the My Links component. It allows a low-privileged attacker with network access via HTTP to compromise the PeopleSoft Enterprise PRTL Interaction Hub, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data. **Recommendations** For version 9.1, consider restricting access to the My Links component to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the HTTP protocol to access the PeopleSoft Enterprise PRTL Interaction Hub until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Sterling B2B Integrator Standard Edition versions 5.2.0 through 5.2.6 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session due to cross-site scripting. **Recommendations** For versions 5.2.0 through 5.2.6, update to a version that contains a fix for this issue to prevent cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** IBM Sterling B2B Integrator Standard Edition versions 2.2.0 through 2.2.6 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For versions 2.2.0 through 2.2.6, update to a version that is not affected by this issue to prevent cross-site scripting attacks.