Statement on CVE 2024-50623 Cleo Unrestricted File Upload and Download Vulnerability

December 23, 2024

Information

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

Risk

Not Applicable

Response

Melissa Data Corporation (“Melissa”) was not impacted by the Cleo vulnerability as Melissa does not utilize Cleo products for any Melissa commercial web services or products.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.