Shodan
Vulnerabilities
Vulnerable Software
Ncr:  Security Vulnerabilities
CVE-2023-47030
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-06-23
CVE-2023-47029
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component
CVSS Score
9.8
EPSS Score
0.003
Published
2025-06-23
CVE-2023-47031
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-23
CVE-2023-47294
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-06-23
CVE-2023-47295
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-23
CVE-2023-47032
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-06-23
CVE-2023-47298
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-06-23
CVE-2023-48978
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-06-23
CVE-2023-47297
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-23
CVE-2023-47022
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-02-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved