6 matches found
Cleo LexiCom < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)
The version of Cleo LexiCom running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2024-55956
CVE-2024-55956 affects Cleo Harmony, VLTrader, and LexiCom prior to version 5.8.0.24. The vulnerability allows unauthenticated attackers to import and execute arbitrary Bash or PowerShell commands on the host by abusing the default Autorun directory, effectively a remote code execution via an una...
CVE-2024-55956
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...
CVE-2024-50623
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. Recent assessments: sfewer-r7 at July 11, 2025 9:37am UTC reported: CVE-2024-50623 allows a remote unauthenticated...
PT-2024-10294
Name of the Vulnerable Software and Affected Versions: Cleo Harmony versions prior to 5.8.0.21; Cleo VLTrader versions prior to 5.8.0.21; Cleo LexiCom versions prior to 5.8.0.21. Description: A critical vulnerability in Cleo's file transfer software is being actively exploited, allowing unauthenticate...
Cleo LexiCom Security Vulnerability
Cleo LexiCom is an integrated platform from Cleo, Inc. that accelerates EDI automation, speeds trade partner onboarding, and makes EDI issues easier to resolve. A security vulnerability exists in Cleo LexiCom 5.5.0.0, which can be exploited by an attacker to bypass the requirement for the sender of an AS2 message...