CVE-2023-24368

Name of the Vulnerable Software and Affected Versions Temenos T24 Release 20

Description The issue concerns incorrect access control, potentially allowing attackers to gain unauthorized access to sensitive information. This can be achieved via a crafted POST request to the "HELPTEXT.MAINMENU" endpoint. The vendor has disputed this issue, stating that the access level granted is in line with business requirements.

Recommendations For Temenos T24 Release 20, consider restricting access to the "HELPTEXT.MAINMENU" endpoint to minimize the risk of exploitation. As a temporary workaround, review and adjust the access control settings to ensure they align with the intended business requirements. At the moment, there is no information about a newer version that contains a fix for this issue.