Julien Blommaert

**Name of the Vulnerable Software and Affected Versions** Accredible Credential.net (affected versions not specified) **Description** The API in Accredible Credential.net allows an Insecure Direct Object Reference attack, which discloses partial information about certificates and their respective holders. Note that the vendor has stated this is not a security issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Innovaphone PBX versions prior to 14r1 **Description** An issue was discovered in the Forgot password function. It provides information about whether a user exists on a system, and it also provides different responses to incoming requests in a way that reveals information to an attacker. **Recommendations** For versions prior to 14r1, update to version 14r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Forgot password function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Innovaphone PBX versions prior to 14r1 **Description** An issue was discovered in the password form used for authentication, allowing a Brute Force Attack. This could enable an attacker to access the administration panel. **Recommendations** For versions prior to 14r1, update to version 14r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the administration panel or implementing additional authentication measures to minimize the risk of exploitation.