ГлавнаяУязвимости → CVE-2024-50623
9.8критическая

CVE-2024-50623

→ есть в БДУ: BDU:2025-00709 (на русском)
Описание (на английском; русское — в БДУ выше)

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

Затрагиваемое ПО
Cleo HarmonyCleo LexicomCleo Vltrader
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50623