Two Patches for Sage CRM are now available and have been distributed to the Sage Regions.
- Sage CRM 2022 R2.5
- Sage CRM 2023 R2.3
These patches include additional checks added to protect from a SQL injection attack when setting up groups.
This vulnerability addressed in these patches is not found in Sage CRM 2024 R1.
The following direct upgrades are supported:
- 2022 R1 - 2022 R2.5
- 2022 R2 - 2022 R2.5
- 2023 R1 - 2023 R2.3
- 2023 R2 - 2023 R2.3
Note: Support for Sage CRM 2021 R1 and Sage CRM 2021 R2 will end on 30 September 2024.
Please note that these patches apply to Sage CRM standalone and when integrated with Sage accounting products; Sage 50, Sage 100, Sage 200, Sage 1000, Sage 300, Sage X3 and Sage Intacct.
The Sage Regions will announce the appropriate download links shortly, and share the status of their application to integrated products.
In all cases, it’s our advice that patches be applied as soon as possible.