本頁列出影響 ncr terminal_handler 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-47030 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. | [email protected] | 9.8 | 0.63% | 2025-06-23 | 2026-06-17 |
| CVE-2023-47029 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component | [email protected] | 9.8 | 0.62% | 2025-06-23 | 2026-06-17 |
| CVE-2023-47031 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. | [email protected] | 9.8 | 0.52% | 2025-06-23 | 2026-07-05 |
| CVE-2023-47295 | A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings. | [email protected] | 9.8 | 0.48% | 2025-06-23 | 2026-06-17 |
| CVE-2023-47294 | An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie. | [email protected] | 8.1 | 0.28% | 2025-06-23 | 2026-06-17 |
| CVE-2023-47032 | Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. | [email protected] | 9.8 | 0.70% | 2025-06-23 | 2026-06-17 |
| CVE-2023-47298 | An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses. | [email protected] | 4.3 | 0.19% | 2025-06-23 | 2026-06-17 |
| CVE-2023-47297 | A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations. | [email protected] | 9.8 | 0.45% | 2025-06-23 | 2026-06-17 |
| CVE-2023-47022 | Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | [email protected] | 6.5 | 0.34% | 2024-02-05 | 2026-06-17 |