Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

CRITICAL SUPPORT NOTICE

This is a CRITICAL SUPPORT NOTICE regarding the risk of a potential security vulnerability impacting the GT eForms in which users could access forms they should not have access to. We have no evidence that this vulnerability has been exploited maliciously, but this notice includes instructions for fixing it such that exploitation is not possible moving forward.

Issue Details

This issue is a security vulnerability related to how our product handles direct links to specific forms. Supporting the use of these links is intended to improve user convenience; however, under certain conditions, they may allow a user to gain access to forms beyond their authorized scope.

Scope of Impact

  • This issue can only be exploited by PeopleSoft users with access to form searches that utilize the Search Set functionality.
  • If exploited, an affected user could:
    • View form data as though they were an authorized user of the form.
    • In some cases, modify form content. However, saving any changes requires a form action, which would be logged with their user ID.
  • This vulnerability cannot be used to:
    • Create new forms.
    • Approve workflow actions on existing forms.

Who the Issue Applies to

All eForms clients that have implemented one or more form searches that utilizes the Search Set functionality of the framework.

Action Required

A fix has been developed and requires only a single framework change. To provide the fastest resolution possible, we are offering two options:

  1. Self-apply the fix – Clients with the necessary technical expertise may apply the code change directly. Exact steps are available at the end of this document.
  2. Assisted application – Clients may request a call with GT staff for guided support. Please email support@gideontaylor.com to schedule assistance.

Future Notification

  • A reminder notice will be sent by September 12, 2025.
  • A final notice will be sent by September 26, 2025.
  • The GT eForms release scheduled for mid-Q4 2025 will include this patch.

Commitment to Our Clients

We apologize for any inconvenience caused by this issue. Gideon Taylor is committed to helping our customers have a great experience with GT eForms, and resolving issues like these is a top priority. If you have any questions, feel free to contact us at support@gideontaylor.com.

Instructions: Apply the Fix

  1. Using Application Designer open the Application Package peoplecode:

    Application Package: G3SEARCH
    Application Class: Search

  2. Run a find for the string &SearchSet

    • If not found, your Framework version does not support Search Sets and this fix is not needed.
    • If it is found, proceed to the next steps.

  3. Find the method named: RunSearch. At the very top of the method you should see the following code:

    A screenshot of code to change

  4. Make the following change:

    Change:

    If &FormFamily > " " And

    To:

    If (&FormFamily > " " Or &SearchSet > " ") And

  5. Save the file.

  6. The result should look like this:

    A screenshot of code after the change