How severe is CVE-2024-50623?

CVE-2024-50623 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-50623

Name: vltrader
Author: cleo

9.8CRITICAL

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

Veröffentlicht: 10/28/2024Aktualisiert: 11/5/2025

CISA Bekannte Ausgenutzte Schwachstelle

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.

Erforderliche Maßnahme:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Fälligkeitsdatum:

2025-01-03

Bekannte Ransomware-Nutzung

Beschreibung

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

KI-AnalyseKI-gestützt

Betroffene Produkte

cleoharmony

cleolexicom

cleovltrader

Referenzen

https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50623
US Government Resource