Ncr

Products by Ncr Sorted by Most Security Vulnerabilities since 2018

Ncr Mp Ras: 2 vulnerabilities

Ncr Terminal Handler: 2 vulnerabilities

Ncr Command Center Agent: 1 vulnerability

By the Year

In 2024 there have been 2 vulnerabilities in Ncr with an average score of 7.7 out of ten. Ncr did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2024 as compared to last year.

Year Vulnerabilities Average Score
2024 2 7.65
2023 0 0.00
2022 0 0.00
2021 1 9.80
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Ncr vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Ncr Security Vulnerabilities

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1

CVE-2023-47022 6.5 - Medium - February 06, 2024

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.

Insecure Direct Object Reference / IDOR

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover

CVE-2023-47024 8.8 - High - January 20, 2024

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.

Session Riding

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089)

CVE-2021-3122 9.8 - Critical - February 07, 2021

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain "misconfiguration."

Shell injection

Command execution in Sun systems

CVE-1999-0033 - June 12, 1997

Command execution in Sun systems via buffer overflow in the at program.

pcnfsd (aka rpc.pcnfsd)

CVE-1999-0078 - April 18, 1996

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).