← Back

Cleo

cleo

4 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Lexicom
lexicom
4 CVEs
Harmony
harmony
2 CVEs
Vltrader
vltrader
2 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-55956
1Cleo
3Harmony
LexicomVltrader
Nov 4, 2025
Dec 13, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default se...Show more
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.Show less
CVE-2024-50623
1Cleo
3Harmony
LexicomVltrader
Nov 5, 2025
Oct 28, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
CVE-2021-33577
1Cleo
1Lexicom
Nov 21, 2024
Jun 18, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the mes...Show more
An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.Show less
CVE-2021-33576
1Cleo
1Lexicom
Nov 21, 2024
Jun 18, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on...Show more
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.Show less