SugarCRM takes the security of our customers' and partners' systems and data seriously. Recently, we became aware of a vulnerability impacting our Sugar Sell, Enterprise, Professional, Serve, and Ultimate software solutions. We have been actively communicating with our global customers and partners to keep them apprised of steps toward resolution.
We want to share that we have received the final report from our third-party forensics firm confirming no intrusion has been detected in any instances of Sugar Sell, Enterprise, Professional, Serve, and Ultimate software solutions running in the SugarCloud. The vulnerability did not impact our Sugar Market software solution.
For those customers running on-premise instances of Sugar Sell, Enterprise, Professional, Serve, and Ultimate software solutions, Sugar has released versions 12.0.2 and 11.0.5. These versions contain the hotfix to address this vulnerability. For more in-depth details and instructions on how to mitigate exploitation and troubleshoot Sugar environments, please read and subscribe to the FAQ and information update here.
Please reach out to us at secure@sugarcrm.com for assistance, questions, and more information as needed. Thank you, and we appreciate your business, collaboration and commitment to Sugar.
[Updated Jan 30, 2023: "We want to share that we have received the final report from our third-party forensics firm..."]