Cleo Unrestricted File Upload & Download Vulnerability
Wed, 12/11/2024
Fortra is actively researching a new vulnerability in three products from Cleo – Cleo Harmony, Cleo VLTrader, and Cleo LexiCom. This vulnerability, CVE-2024-50623, can allow unrestricted file upload and download, which can lead to remote code execution. Active exploitation of the vulnerability has been reported.
Cleo has released patches to address this vulnerability, and affected customers are strongly advised to update their instances as soon as possible.