Lucene search

K
cvelistMitreCVELIST:CVE-2023-47024
HistoryJan 20, 2024 - 12:00 a.m.

CVE-2023-47024

2024-01-2000:00:00
mitre
www.cve.org
cross-site request forgery
ncr terminal handler
account takeover
wsdl
security controls

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

Related for CVELIST:CVE-2023-47024