Ncr
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Ncr product.
RSS Feeds for Ncr security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Ncr products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Ncr Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 9 vulnerabilities in Ncr. Last year, in 2024 Ncr had 2 security vulnerabilities published. That is, 7 more vulnerabilities have already been reported in 2025 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 9 | 0.00 |
| 2024 | 2 | 7.65 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Ncr vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ncr Security Vulnerabilities
An issue in NCR Terminal Handler v.1.5.1
CVE-2023-47030
- June 23, 2025
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.
An issue in NCR Terminal Handler v.1.5.1
CVE-2023-47029
- June 23, 2025
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component
An issue in NCR Terminal Handler v.1.5.1
CVE-2023-47031
- June 23, 2025
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field
CVE-2023-47295
- June 23, 2025
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.
Password Vulnerability in NCR Terminal Handler v.1.5.1
CVE-2023-47032
- June 23, 2025
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.
An issue in NCR Terminal Handler v1.5.1
CVE-2023-47294
- June 23, 2025
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.
An issue in NCR Terminal Handler 1.5.1
CVE-2023-47298
- June 23, 2025
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1
CVE-2023-47297
- June 23, 2025
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4
CVE-2023-48978
- June 23, 2025
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1
CVE-2023-47022
6.5 - Medium
- February 06, 2024
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
Insecure Direct Object Reference / IDOR