Vulnerability Description
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cleo | Harmony | < 5.8.0.21 |
| Cleo | Lexicom | < 5.8.0.21 |
| Cleo | Vltrader | < 5.8.0.21 |
Related Weaknesses (CWE)
References
- https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-US Government Resource
FAQ
What is CVE-2024-50623?
CVE-2024-50623 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
How severe is CVE-2024-50623?
CVE-2024-50623 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-50623?
Check the references section above for vendor advisories and patch information. Affected products include: Cleo Harmony, Cleo Lexicom, Cleo Vltrader.