Jack7

**Name of the Vulnerable Software and Affected Versions** SuiteCRM versions prior to 8.9.3 **Description** SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.9.3, the `RecordHandler::getRecord()` method retrieves records based on module and ID without verifying the current user’s access permissions for viewing. The `saveRecord()` method correctly checks access permissions for saving, but `getRecord()` bypasses the equivalent check for viewing. This could allow unauthorized access to sensitive information. **Recommendations** Update to version 8.9.3 or later.