Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution.
The vulnerability affects the following products:
- Cleo Harmony® (prior to version 5.8.0.21)
- Cleo VLTrader® (prior to version 5.8.0.21)
- Cleo LexiCom® (prior to version 5.8.0.21)
Cleo strongly advises all customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch (version 5.8.0.21) to address additional discovered potential attack vectors of the vulnerability.
Please visit Unrestricted File Upload and Download Vulnerability Mitigation to take immediate action.
Comments
0 comments
Please sign in to leave a comment.