CVE-2019-14251 Scanner

TEMENOS T24 is a comprehensive banking software platform that integrates and manages all core banking capabilities, such as account management and transactions, customer management, risk and compliance, and product and channel management. It empowers banks and financial institutions to offer innovative and personalized banking experiences to their customers while reducing operational costs and risks. TEMENOS T24 is widely used by banks, credit unions, and microfinance institutions worldwide.

One of the vulnerabilities detected in TEMENOS T24 is CVE-2019-14251. This vulnerability allows attackers to access files or directories that are outside of the restricted directory by leveraging downloadDocServer() in the login page's JavaScript functions. This exploit is possible because the WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.

If exploited, CVE-2019-14251 can lead to severe consequences for banks and financial institutions. Attackers can gain access to sensitive customer data, such as account details, personal information, and transaction history. They can also manipulate or delete critical files, disrupt banking operations, and cause reputational damage. Moreover, regulatory compliance can be compromised, resulting in legal fines and penalties.

Thanks to the pro features of the securityforeveryone.com platform, those who have read this article can stay up-to-date on vulnerabilities in their digital assets quickly and easily. Securityforeveryone.com provides comprehensive vulnerability scanning, penetration testing, and compliance management services that help businesses stay ahead of evolving cyber threats. Don't wait until it's too late- protect your assets with securityforeveryone.com.

REFERENCES

• https://github.com/kmkz/exploit/blob/master/CVE-2019-14251-TEMENOS-T24.txt