CVE-2024-50623

EUVD-2024-45217
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
cleoharmony
𝑥
< 5.8.0.21
cleolexicom
𝑥
< 5.8.0.21
cleovltrader
𝑥
< 5.8.0.21
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
cleoharmomy
𝑥
< 5.8.0.21
ADP
cleovltrader
𝑥
< 5.8.0.21
ADP
cleolexicom
𝑥
< 5.8.0.21
ADP
Common Weakness Enumeration
References
https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50623