CVE-2024-50623: In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that...

0.0 CVSS

Description

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

Classification

CVE ID: CVE-2024-50623

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Nuclei Template

http/cves/2024/CVE-2024-50623.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 96.92% (probability of being exploited)

EPSS Percentile: 99.83% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory

Timeline

2024-12-11 00:31:02 UTC
CVE

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that...
2024-12-11 15:00:13 UTC
Watchtower Labs

Cleo Harmony, VLTrader, and LexiCom - RCE via Arbitrary File Write (CVE-2024-50623)
2024-12-12 23:00:18 UTC
DarkWebInformer

Cleo Unrestricted File Upload and Download PoC (CVE-2024-50623)