SugarCRM contains a flaw that is triggered when the program fails to properly restrict access to the vcal_server.php script. This may allow a remote attacker to enumerate a username or email address.
Remote / Network Access
Loss of Confidentiality
OSVDB is not aware of a solution for this vulnerability.