PT-2024-17681 · Cleo · Lexicom+2

Published

2024-12-13

Updated

2024-12-13

CVE-2024-12632

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Cleo Harmony versions up to and including 5.8.0.21 VLTrader versions up to and including 5.8.0.21 LexiCom versions up to and including 5.8.0.21

Description The issue concerns an unrestricted file upload and download, which could potentially lead to remote code execution.

Recommendations For Cleo Harmony versions up to and including 5.8.0.21, restrict file upload and download capabilities to prevent remote code execution. For VLTrader versions up to and including 5.8.0.21, restrict file upload and download capabilities to prevent remote code execution. For LexiCom versions up to and including 5.8.0.21, restrict file upload and download capabilities to prevent remote code execution.

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2024-12632

Affected Products

Cleo Harmony

Lexicom

Vltrader

PT-2024-17681 · Cleo · Lexicom+2

CVE-2024-12632

Weakness Enumeration

Related Identifiers

Affected Products

References · 2