How severe is CVE-2024-50623?

CVE-2024-50623 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-50623

Name: vltrader
Author: cleo

9.8CRITICAL

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

게시됨: 10/28/2024업데이트됨: 11/5/2025

CISA 알려진 악용 취약점

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.

필요한 조치:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

마감일:

2025-01-03

알려진 랜섬웨어 사용

설명

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

AI 분석AI 기반

영향받는 제품

cleoharmony

cleolexicom

cleovltrader

참조

https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50623
US Government Resource