2024-10-28 03:03:22 +00:00
{
"id" : "CVE-2024-50623" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2024-10-28T00:15:03.657" ,
2024-12-20 17:03:44 +00:00
"lastModified" : "2024-12-20T15:04:26.097" ,
"vulnStatus" : "Analyzed" ,
2024-10-28 03:03:22 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
2024-11-15 17:03:22 +00:00
"value" : "In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution."
2024-10-28 15:04:19 +00:00
} ,
{
"lang" : "es" ,
"value" : "En Cleo Harmony anterior a 5.8.0.20, VLTrader anterior a 5.8.0.20 y LexiCom anterior a 5.8.0.20, hay una vulnerabilidad de inyecci\u00f3n de JavaScript."
2024-10-28 03:03:22 +00:00
}
] ,
2024-10-30 23:03:21 +00:00
"metrics" : {
"cvssMetricV31" : [
2024-12-20 17:03:44 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
} ,
2024-10-30 23:03:21 +00:00
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
2024-12-17 23:03:42 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
2024-10-30 23:03:21 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
2024-12-17 23:03:42 +00:00
"userInteraction" : "NONE" ,
2024-10-30 23:03:21 +00:00
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2024-10-30 23:03:21 +00:00
} ,
2024-12-17 23:03:42 +00:00
"exploitabilityScore" : 3.9 ,
2024-10-30 23:03:21 +00:00
"impactScore" : 5.9
}
]
} ,
2024-12-14 03:03:42 +00:00
"cisaExploitAdd" : "2024-12-13" ,
"cisaActionDue" : "2025-01-03" ,
"cisaRequiredAction" : "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable." ,
"cisaVulnerabilityName" : "Cleo Multiple Products Unrestricted File Upload Vulnerability" ,
2024-10-30 23:03:21 +00:00
"weaknesses" : [
2024-12-20 17:03:44 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-434"
}
]
} ,
2024-10-30 23:03:21 +00:00
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
2024-12-10 21:03:48 +00:00
"value" : "CWE-434"
2024-10-30 23:03:21 +00:00
}
]
}
] ,
2024-12-20 17:03:44 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cleo:harmony:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.8.0.21" ,
"matchCriteriaId" : "829892E7-DFA5-4153-A1B0-D2C64054ED9F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cleo:lexicom:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.8.0.21" ,
"matchCriteriaId" : "EA757293-8537-4DCE-BC91-E2D4A5CB08B3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cleo:vltrader:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.8.0.21" ,
"matchCriteriaId" : "01120D67-ED19-4B22-9484-A39715E02058"
}
]
}
]
}
] ,
2024-10-28 03:03:22 +00:00
"references" : [
{
"url" : "https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory" ,
2024-12-20 17:03:44 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
2024-10-28 03:03:22 +00:00
}
]
}
