CVE-2023-47298

Medium CVSS: 4.3

An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.

Vendor

Ncr

Product

Terminal Handler

CWE

CWE-200

Yayın Tarihi

2025-06-23 15:15:26

Güncelleme

2025-06-26 12:44:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-200 Terminal Handler MEDIUM Ncr 2025

Referanslar

https://drive.google.com/file/d/1-BDd0ycuYhuxo-lg4th-Cswimoqqzkot/view?usp=sharing https://github.com/pwahba/cve-research/blob/main/CVE-2023-47298/CVE-2023-47298.md

Benzer Kayıtlar

Critical

CVE-2023-47030

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive informa…

Critical

CVE-2023-47029

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive informa…

Critical

CVE-2023-47031

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to t…

High

CVE-2023-47294

An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, l…

Critical

CVE-2023-47295

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injectin…

Critical

CVE-2023-47032

Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted…