CVE-2019-14251
published 2019-12-09


Priority: P2 · 77
CVSS 3.1: 7.5 (High) · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploited in the wild (VulnCheck KEV)
EPSS: 7.85% (94.0th percentile)
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.

Affected (1 range)

Vendor    Product    Version range    Fixed in
temenos   t24

Detection & IOCs (extracted from sources)

url: /WealthT24/GetImage?docDownloadPath=/etc/passwd
url: /WealthT24/GetImage?docDownloadPath=c:/windows/win.ini
path: /WealthT24/GetImage
  • Monitor HTTP GET requests to /WealthT24/GetImage with 'docDownloadPath' or 'uploadLocation' query parameters containing path traversal sequences (e.g., /etc/passwd, c:/windows/win.ini) — these indicate active LFI exploitation attempts against TEMENOS T24.
  • The vulnerability is exploitable without authentication (unauthenticated LFI); alert on any unauthenticated requests to /WealthT24/GetImage regardless of session state.
  • A successful exploitation response (HTTP 200) containing Unix passwd file content (root:.*:0:0:) or Windows win.ini content ('for 16-bit app support') confirms active exploitation.
  • The vulnerable endpoint and parameters are specific to TEMENOS T24 version R15.01; confirm the affected version before deploying detections to avoid false positives on other versions.
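A detection routine that applies the notes above to web-server access logs, written here as an added example (not part of the cvebase record or any TEMENOS tooling); the combined log format, the function names and the sample log lines are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Hypothetical detection helper for CVE-2019-14251; names and log format are this example's own.
ENDPOINT = "/WealthT24/GetImage"
PARAMS = ("docDownloadPath", "uploadLocation")
# Traversal sequences, absolute Unix paths and Windows drive paths, checked after URL decoding.
TRAVERSAL = re.compile(r"\.\.[\\/]|^/|^[A-Za-z]:[\\/]")
# Response-body markers from the detection notes above (passwd root entry, win.ini header text).
CONFIRM = re.compile(r"root:.*:0:0:|for 16-bit app support")
# Combined log format: client ident user [time] "METHOD target proto" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def suspicious_params(target):
    """Return (param, decoded value) pairs that carry a traversal or absolute path, else []."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    hits = []
    for name in PARAMS:
        for value in parse_qs(parts.query, keep_blank_values=True).get(name, []):
            decoded = unquote(value)  # parse_qs decodes once; this pass also catches double encoding
            if TRAVERSAL.search(decoded):
                hits.append((name, decoded))
    return hits

def classify(line, response_body=""):
    """'confirmed' (hit + 200 + passwd/win.ini body), 'attempt' (hit), 'benign', or 'unparsed'."""
    m = LOG_RE.match(line)
    if not m:
        return "unparsed"
    if not suspicious_params(m.group("target")):
        return "benign"
    if m.group("status") == "200" and CONFIRM.search(response_body):
        return "confirmed"
    return "attempt"

# Constructed sample log lines (not real traffic); the body, when available, comes from a proxy or WAF capture.
SAMPLE = [
    '203.0.113.5 - - [09/Dec/2019:10:01:02 +0000] "GET /WealthT24/GetImage?docDownloadPath=/etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [09/Dec/2019:10:01:09 +0000] "GET /WealthT24/GetImage?uploadLocation=..%2F..%2Fwindows%2Fwin.ini HTTP/1.1" 200 92',
    '198.51.100.7 - - [09/Dec/2019:10:02:00 +0000] "GET /WealthT24/GetImage?docDownloadPath=statements/2019-11.pdf HTTP/1.1" 200 51200',
    '198.51.100.9 - - [09/Dec/2019:10:02:30 +0000] "GET /WealthT24/login.jsp HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), line.split('"')[1])
```

Access logs alone only yield "attempt"; the "confirmed" verdict needs the response body from a reverse proxy or WAF that records it.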

CVSS provenance

NVD (CVSS v3.1): 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD (CVSS v2.0): 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
VulnCheck: 7.5 HIGH