Harmony
Vulnerabilities: 2
Known exploited: 2
Max CVSS: 9.8
Top EPSS: 0.98529
Severity breakdown: Critical 2, High 0, Medium 0, Low 0
Affected version ranges: < 5.8.0.21, < 5.8.0.24
Also matched as (raw): harmony,lexicom,vltrader
Top vulnerabilities
CVE-2024-55956: In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
CVE-2024-50623: In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.