CVE-2024-50623

unknown KEV

Published 2024-12-13 · Modified 2024-12-13

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.

CISA KEV

Vendor: Cleo
Product: Multiple Products
Due date: 2025-01-03

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update ; https://nvd.nist.gov/vuln/detail/CVE-2024-50623

Exploits

References

https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update ; https://nvd.nist.gov/vuln/detail/CVE-2024-50623

Verify integrity in audit chain (admin only). AS-IS.