Terminal Handler
by Ncr
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47294 | 0.00 | — | 0.00 | Jun 23, 2025 | An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie. | |||
| CVE-2023-47032 | 0.00 | — | 0.02 | Jun 23, 2025 | Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. | |||
| CVE-2023-47295 | 0.00 | — | 0.00 | Jun 23, 2025 | A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings. | |||
| CVE-2023-47298 | 0.00 | — | 0.00 | Jun 23, 2025 | An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses. | |||
| CVE-2023-47029 | 0.00 | — | 0.02 | Jun 23, 2025 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component | |||
| CVE-2023-47297 | 0.00 | — | 0.00 | Jun 23, 2025 | A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations. | |||
| CVE-2023-47031 | 0.00 | — | 0.01 | Jun 23, 2025 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. | |||
| CVE-2023-47030 | 0.00 | — | 0.02 | Jun 23, 2025 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. |
- CVE-2023-47294Jun 23, 2025risk 0.00cvss —epss 0.00
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.
- CVE-2023-47032Jun 23, 2025risk 0.00cvss —epss 0.02
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.
- CVE-2023-47295Jun 23, 2025risk 0.00cvss —epss 0.00
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.
- CVE-2023-47298Jun 23, 2025risk 0.00cvss —epss 0.00
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.
- CVE-2023-47029Jun 23, 2025risk 0.00cvss —epss 0.02
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component
- CVE-2023-47297Jun 23, 2025risk 0.00cvss —epss 0.00
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.
- CVE-2023-47031Jun 23, 2025risk 0.00cvss —epss 0.01
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
- CVE-2023-47030Jun 23, 2025risk 0.00cvss —epss 0.02
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.