
X3419

#53085 of 53,635
3.1 CVSS total
Vulnerabilities · 1
PT-2023-30531
3.1
2023-11-21
Suitecrm · Suitecrm · CVE-2023-47643
**Name of the Vulnerable Software and Affected Versions**

SuiteCRM versions prior to 8.4.2

**Description**

The issue affects SuiteCRM, a Customer Relationship Management (CRM) software application, where GraphQL introspection is enabled without authentication. This exposes the schema defining all object types, arguments, and functions, allowing an attacker to obtain the GraphQL schema and understand the entire attack surface of the API. Sensitive fields, such as `UserHash`, are included in this exposure.

**Recommendations**

For versions prior to 8.4.2, update to version 8.4.2 to resolve the issue. As a temporary workaround, consider disabling GraphQL introspection until the update can be applied.