Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Terminal Handler Security Vulnerabilities

cve
cve

CVE-2023-47020

Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...

8.8CVSS

8.6AI Score

0.001EPSS

2024-02-08 04:15 PM
18
cve
cve

CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.

6.5CVSS

6.7AI Score

0.001EPSS

2024-02-06 01:15 AM
14
cve
cve

CVE-2023-47024

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.

8.8CVSS

8.7AI Score

0.001EPSS

2024-01-20 02:15 AM
12