cbcvebase.

Ncr Terminal Handler vulnerabilities

9 known vulnerabilities affecting ncr/terminal_handler.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2023-47031P2CRITICALCVSS 9.8v1.5.12025-06-23
CVE-2023-47031 [CRITICAL] CWE-284 CVE-2023-47031: An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a craft An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
nvd
CVE-2023-47032P2CRITICALCVSS 9.8v1.5.12025-06-23
CVE-2023-47032 [CRITICAL] CWE-94 CVE-2023-47032: Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.
nvd
CVE-2023-47297P3CRITICALCVSS 9.8v1.5.12025-06-23
CVE-2023-47297 [CRITICAL] CWE-284 CVE-2023-47297: A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arb A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.
nvd
CVE-2023-47030P3CRITICALCVSS 9.8v1.5.12025-06-23
CVE-2023-47030 [CRITICAL] CWE-94 CVE-2023-47030: An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obta An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.
nvd
CVE-2023-47029P3CRITICALCVSS 9.8v1.5.12025-06-23
CVE-2023-47029 [CRITICAL] CWE-200 CVE-2023-47029: An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obta An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component
nvd
CVE-2023-47295P3CRITICALCVSS 9.8v1.5.12025-06-23
CVE-2023-47295 [CRITICAL] CWE-1236 CVE-2023-47295: A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary c A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.
nvd
CVE-2023-47294P3HIGHCVSS 8.1v1.5.12025-06-23
CVE-2023-47294 [HIGH] CWE-284 CVE-2023-47294: An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbit An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.
nvd
CVE-2023-47022P4MEDIUMCVSS 6.5v1.5.12024-02-06
CVE-2023-47022 [MEDIUM] CWE-639 CVE-2023-47022: Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
nvd
CVE-2023-47298P4MEDIUMCVSS 4.3v1.5.12025-06-23
CVE-2023-47298 [MEDIUM] CWE-200 CVE-2023-47298: An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.
nvd
Ncr Terminal Handler vulnerabilities | cvebase