Felix B

**Name of the Vulnerable Software and Affected Versions** Microsoft Purview (affected versions not specified) **Description** A server-side request forgery (SSRF) flaw in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. SSRF is a flaw where an attacker can induce the server-side application to make requests to an unintended location. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Entra ID Entitlement Management (affected versions not specified) **Description** Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. This flaw enables exploitation via crafted requests, which may impact confidentiality, integrity, and availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office SharePoint (affected versions not specified) **Description** Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Power Automate (affected versions not specified) **Description** Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface, which can allow a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office Word (affected versions not specified) Microsoft 365 Apps for Enterprise (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Office, specifically in Microsoft Word and Microsoft 365 Apps for Enterprise. This can allow an attacker to disclose protected information and bypass existing security restrictions. A tampering vulnerability in Microsoft Office Word enables attackers to affect the system. **Recommendations** For Microsoft Office Word, consider restricting access to sensitive features until a patch is available. For Microsoft 365 Apps for Enterprise, avoid using potentially vulnerable components until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.