Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47294 | 1 Ncr | 1 Terminal Handler | 2025-07-02 | N/A | 8.1 HIGH |
| An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie. | |||||
| CVE-2023-47029 | 1 Ncr | 1 Terminal Handler | 2025-07-02 | N/A | 9.8 CRITICAL |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component | |||||
| CVE-2023-47297 | 1 Ncr | 1 Terminal Handler | 2025-06-26 | N/A | 9.8 CRITICAL |
| A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations. | |||||
| CVE-2023-47298 | 1 Ncr | 1 Terminal Handler | 2025-06-26 | N/A | 4.3 MEDIUM |
| An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses. | |||||
| CVE-2023-47032 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
| Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. | |||||
| CVE-2023-47295 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
| A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings. | |||||
| CVE-2023-47031 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. | |||||
| CVE-2023-47030 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. | |||||
| CVE-2023-47022 | 1 Ncr | 1 Terminal Handler | 2025-06-17 | N/A | 6.5 MEDIUM |
| Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | |||||