The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-50623 vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
The flaw impacts multiple Cleo products including Harmony, VLTrader, and LexiCom.
Cleo advises customers to upgrade to the latest patch (version 5.8.0.21) to address the vulnerability.
CISA orders federal agencies to fix this vulnerability by January 3, 2025.