SuiteCRM Legacy iCal Service Broken Authentication Vulnerability Allowing Unauthenticated Access to Meeting Data
Vulnerability
The legacy iCal service in SuiteCRM 7.14.6 and 8.8.0 does not properly authenticate requests. As a result, an unauthenticated client that knows a user's username can retrieve that user's calendar events (meeting data) from the service. The same broken authentication also makes user enumeration possible, since the service can be queried for arbitrary usernames without credentials. The problem is fixed in SuiteCRM 7.14.7 and 8.8.1.
Impact
An attacker who knows or guesses a username can read that user's calendar events without any credentials. Because no authentication is required, the exposure covers every user of the instance whose username can be obtained, and the service itself can be used to enumerate valid usernames, which also feeds other attacks such as password guessing.
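As an added illustration, not code from this advisory or from the SuiteCRM project, the following Python script hunts for the enumeration pattern described above in web-server access logs: one client asking the legacy iCal endpoint for several different users' calendars within a short window. The endpoint file name `ical_server.php` and the `user` query parameter are assumptions made for the example, and the log lines are constructed, not real traffic.

```python
import posixpath
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Assumptions (not taken from the advisory): the legacy iCal service is served
# from a file named ical_server.php and names the target user in a "user"
# query parameter. Adjust both to match the deployment being examined.
ICAL_BASENAME = "ical_server.php"
USER_PARAM = "user"

# Constructed sample lines in Apache/nginx "combined" log format. The 404 for
# "mallory" is constructed too; the advisory does not say how the service
# answers for an unknown username.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /ical_server.php?type=ics&user=alice HTTP/1.1" 200 1843 "-" "curl/8.4.0"
203.0.113.7 - - [10/Oct/2024:13:55:37 +0000] "GET /ical_server.php?type=ics&user=bob HTTP/1.1" 200 2201 "-" "curl/8.4.0"
203.0.113.7 - - [10/Oct/2024:13:55:38 +0000] "GET /ical_server.php?type=ics&user=carol HTTP/1.1" 200 1790 "-" "curl/8.4.0"
203.0.113.7 - - [10/Oct/2024:13:55:39 +0000] "GET /ical_server.php?type=ics&user=mallory HTTP/1.1" 404 211 "-" "curl/8.4.0"
203.0.113.7 - - [10/Oct/2024:13:55:40 +0000] "GET /ical_server.php?type=ics&user=dave HTTP/1.1" 200 2044 "-" "curl/8.4.0"
203.0.113.7 - - [10/Oct/2024:13:55:41 +0000] "GET /ical_server.php?type=ics&user=erin HTTP/1.1" 200 1522 "-" "curl/8.4.0"
198.51.100.4 - - [10/Oct/2024:13:56:02 +0000] "GET /index.php?module=Home&action=index HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2024:13:56:05 +0000] "GET /ical_server.php?type=ics&user=alice HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2024:09:00:00 +0000] "GET /legacy/ical_server.php?type=ics&user=bob HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2024:10:30:00 +0000] "GET /legacy/ical_server.php?type=ics&user=carol HTTP/1.1" 200 1790 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2024:10:31:00 +0000] "GET /legacy/ical_server.php?type=ics&user=dave HTTP/1.1" 200 2044 "-" "Mozilla/5.0"
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    query = parse_qs(parts.query)
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": parts.path,
        "user": query.get(USER_PARAM, [None])[0],
        "status": int(m["status"]),
    }


def ical_requests(lines):
    """Yield parsed events that target the iCal endpoint and name a user.

    The basename comparison matches the file both at the web root and under a
    sub-path such as /legacy/, so either mounting style is covered.
    """
    for line in lines:
        ev = parse_line(line)
        if ev and posixpath.basename(ev["path"]) == ICAL_BASENAME and ev["user"]:
            yield ev


def find_enumeration(lines, window=timedelta(minutes=5), threshold=3):
    """Return {client_ip: sorted usernames} for clients that requested at least
    `threshold` distinct users' calendars within any span of length `window`."""
    by_ip = defaultdict(list)
    for ev in ical_requests(lines):
        by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        recent = deque()  # events inside the sliding window, oldest first
        for ev in events:
            recent.append(ev)
            while ev["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            users = {e["user"] for e in recent}
            if len(users) >= threshold:
                flagged.setdefault(ip, set()).update(users)
    return {ip: sorted(users) for ip, users in flagged.items()}


def exposed_users(lines):
    """Sorted usernames whose calendar request got a 2xx response, for scoping
    which users' meeting data was actually served (status taken from the log as-is)."""
    return sorted({ev["user"] for ev in ical_requests(lines) if 200 <= ev["status"] < 300})


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, users in find_enumeration(lines).items():
        print(f"possible user enumeration from {ip}: {', '.join(users)}")
    print("calendars served:", ", ".join(exposed_users(lines)))
```

With the constructed sample, only 203.0.113.7 is reported: it asked for six usernames in five seconds, while 198.51.100.4 fetched a single calendar and 192.0.2.9 spread its requests more than five minutes apart. The threshold and window are starting points; a legitimate calendar subscription polls one user's feed repeatedly, so distinct usernames per client, not request volume, is the signal to tune on.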
Remediation
Upgrade to SuiteCRM 7.14.7 or later on the 7.x line, or 8.8.1 or later on the 8.x line. No workaround short of upgrading is given here.
