CVE-2024-50623

Published: Oct 28, 2024Modified: Nov 5, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

Affected (3)

Products: Cleo: Harmony, Lexicom, Vltrader

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cleo Harmony	Before 5.8.0.21
Cleo Lexicom	Before 5.8.0.21
Cleo Vltrader	Before 5.8.0.21

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory

Source: cve@mitre.org

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50623

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.