Risky Bulletin Newsletter
January 11, 2023
Risky Biz News: SugarCRM zero-day used to compromise roughly 10% of all internet-accessible servers
Presented by

News Editor
SugarCRM released an official patch a week after public disclosure. The company said that all users who run on-premise servers of its SugarCRM Sell, Serve, Enterprise, Professional, and Ultimate services should apply the update to avoid future attacks.
The company says it has hired a forensics firm to investigate the one-week time window during which its cloud platform was exposed to possible attacks.
No CVE has been assigned to this issue yet.