Ncr

By the Year

In 2026 there have been 0 vulnerabilities in Ncr. Last year, in 2025 Ncr had 9 security vulnerabilities published. Right now, Ncr is on track to have less security vulnerabilities in 2026 than it did last year.

Recent Ncr Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2023-47030	Jun 23, 2025	NCR Terminal Handler v1.5.1 CODE EXEC via SOAP UserService GET An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.	Terminal Handler
CVE-2023-47029	Jun 23, 2025	NCR Terminal Handler 1.5.1 RCE via crafted POST to UserService An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component	Terminal Handler
CVE-2023-47031	Jun 23, 2025	Privilege Escalation in NCR Terminal Handler 1.5.1 via grantRoles SOAP API An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.	Terminal Handler
CVE-2023-47294	Jun 23, 2025	NCR Terminal Handler 1.5.1: Authenticated Cookie Forgery Allows Account Deletion An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.	Terminal Handler
CVE-2023-47295	Jun 23, 2025	CSV injection in NCR Terminal Handler v1.5.1 exec arbitrary commands A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.	Terminal Handler
CVE-2023-47032	Jun 23, 2025	NCR Terminal Handler 1.5.1 RCE via UserService SOAP API Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.	Terminal Handler
CVE-2023-48978	Jun 23, 2025	NCR ITM Web Terminal 4.4.0/4.4.4 RCE via Crafted IP Camera URL Script An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.	Itm Web Terminal
CVE-2023-47297	Jun 23, 2025	Command Injection in NCR Terminal Handler 1.5.1 via Settings A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.	Terminal Handler
CVE-2023-47298	Jun 23, 2025	NCR Terminal Handler 1.5.1 SOAP API User Enumeration (CVE-2023-47298) An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.	Terminal Handler
CVE-2023-47020	Feb 08, 2024	CSRF Chaining Privilege Escalation in NCR Terminal Handler v1.5.1 via WSDL Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.	Terminal Handler