Khalid Amin

**Name of the Vulnerable Software and Affected Versions** Dynamics 365 Finance (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface in Microsoft Dynamics 365 for Finance and Operations. This can allow a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpIPAM version 1.4 **Description** An issue was discovered in tools/pass-change/result.php, allowing CSRF to be used to change the password of any user or admin, escalate privileges, and gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password and the lack of security tokens. **Recommendations** For phpIPAM version 1.4, consider implementing security tokens and requiring the old password to be provided when changing passwords as a temporary workaround until a patch is available. Restrict access to the tools/pass-change/result.php file to minimize the risk of exploitation.