
Highjack7

#16154 of 53,622
16.6 Total CVSS
Vulnerabilities · 2
High · 2
PT-2026-26448
8.1
2026-03-19
Suitecrm · Suitecrm · CVE-2026-29189
**Name of the Vulnerable Software and Affected Versions**

- SuiteCRM versions prior to 7.15.1
- SuiteCRM versions prior to 8.9.3

**Description**

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Before versions 7.15.1 and 8.9.3, the REST API V8 lacks Access Control List (ACL) checks on several endpoints. This allows authenticated users to access and manipulate data they are not permitted to interact with. The API endpoints are affected. The vulnerable parameters or variables are not specified.

**Recommendations**

- Update to SuiteCRM version 7.15.1 or later.
- Update to SuiteCRM version 8.9.3 or later.
PT-2024-26985
8.5
2024-06-10
Suitecrm · Suitecrm · CVE-2024-36418
**Name of the Vulnerable Software and Affected Versions**

- SuiteCRM versions prior to 7.14.4
- SuiteCRM versions prior to 8.6.1

**Description**

A vulnerability in connectors of SuiteCRM allows an authenticated user to perform a remote code execution attack.

**Recommendations**

- For versions prior to 7.14.4, update to version 7.14.4 or later to resolve the issue.
- For versions prior to 8.6.1, update to version 8.6.1 or later to resolve the issue.