SuiteCRM · SuiteCRM · CVE-2025-54786
**Name of the Vulnerable Software and Affected Versions**
SuiteCRM versions 7.14.6 and 8.8.0
**Description**
SuiteCRM, an open-source Customer Relationship Management (CRM) software application, suffers from broken authentication within the legacy iCal service. This allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, and related functionality enables user enumeration.
**Recommendations**
Update to SuiteCRM version 7.14.7.
Update to SuiteCRM version 8.8.1.