CVE Tools

ncr

Unclassifiedunknown

19

Cumulative CVEs

5

Monthly snapshots

#27

Peak rank

Top products

terminal handler8 itm web terminal1

Latest CVEs

The 15 most recently published vulnerabilities affecting ncr.

CVE-2023-48978An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.9.8Jun 23, 2025
CVE-2023-47298An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including ...4.3Jun 23, 2025
CVE-2023-47297A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.9.8Jun 23, 2025
CVE-2023-47295A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.9.8Jun 23, 2025
CVE-2023-47294An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.8.1Jun 23, 2025
CVE-2023-47032Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.9.8Jun 23, 2025
CVE-2023-47031An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP A...9.8Jun 23, 2025
CVE-2023-47030An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a us...9.8Jun 23, 2025
CVE-2023-47029An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component9.8Jun 23, 2025
CVE-2023-47022Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.6.5Feb 6, 2024
CVE-2021-3122CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticat...9.8Feb 7, 2021
CVE-2020-9063NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an at...7.6Aug 21, 2020
CVE-2020-10126NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to rest...7.6Aug 21, 2020
CVE-2020-10125NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical...7.6Aug 21, 2020
CVE-2020-10124NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical acc...7.1Aug 21, 2020