Vulnerabilities (CVE)

Filtered by vendor Ncratleos Subscribe
Filtered by product Terminal Handler
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-47024 1 Ncratleos 1 Terminal Handler 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.
CVE-2023-47020 1 Ncratleos 1 Terminal Handler 2024-11-21 N/A 8.8 HIGH
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.