GCVE - cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*

part: a version: 1.5.1 update: *

Vendor	Ncr (`a2a127bc-be88-5d44-a97d-c4450fbe1cf5`)
Product	Terminal Handler (`61a680e5-dace-532f-a295-e5bfaf81be5b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-47298`	vulnerable	2026-06-03 14:53:17.348463	Details available An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses. Published: 2025-06-23T00:00:00.000Z Updated: 2025-06-24T15:54:26.649Z Open on db.gcve.eu Reference links https://drive.google.com/file/d/1-BDd0ycuYhuxo-lg4th-Cswimoqqzkot/view?usp=sharing https://github.com/pwahba/cve-research/blob/main/CVE-2023-47298/CVE-2023-47298.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47297`	vulnerable	2026-06-03 14:53:17.348217	Details available A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations. Published: 2025-06-23T00:00:00.000Z Updated: 2025-06-24T17:40:47.591Z Open on db.gcve.eu Reference links https://drive.google.com/file/d/1YzoJ2QuI9LEEpF8r5ZiCdTQtR9hfsXl7/view?usp=sharing https://github.com/pwahba/cve-research/blob/main/CVE-2023-47297/CVE-2023-47297.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47295`	vulnerable	2026-06-03 14:53:17.347942	Details available A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings. Published: 2025-06-23T00:00:00.000Z Updated: 2025-06-24T17:53:35.350Z Open on db.gcve.eu Reference links https://drive.google.com/file/d/14uldfUpLRIc-NfHiUco0ja-ZiF0MazGA/view?usp=sharing https://github.com/pwahba/cve-research/blob/main/CVE-2023-47295/CVE-2023-47295.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47294`	vulnerable	2026-06-03 14:53:17.347660	Details available An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie. Published: 2025-06-23T00:00:00.000Z Updated: 2025-06-26T15:11:39.439Z Open on db.gcve.eu Reference links https://drive.google.com/file/d/1owG3_2oVpoCb34Mb7nCYZNrjW8cFxpzN/view?usp=sharing https://github.com/pwahba/cve-research/blob/main/CVE-2023-47294/CVE-2023-47294.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47032`	vulnerable	2026-06-03 14:53:16.775439	Details available Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. Published: 2025-06-23T00:00:00.000Z Updated: 2025-06-24T17:54:34.767Z Open on db.gcve.eu Reference links https://drive.google.com/file/d/1rTKc2nxEc40VTItJiJ9moZ5VrHG3xQuj/view?usp=sharing https://github.com/pwahba/cve-research/blob/main/CVE-2023-47032/CVE-2023-47032.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47031`	vulnerable	2026-06-03 14:53:16.775162	Details available An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. Published: 2025-06-23T00:00:00.000Z Updated: 2025-06-24T17:55:28.841Z Open on db.gcve.eu Reference links http://terminal.com http://ncr.com https://drive.google.com/file/d/1f9riw_seicV9MB7pRQJFY-8voxkW8ZYH/view?usp=sharing	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47030`	vulnerable	2026-06-03 14:53:16.774801	Details available An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. Published: 2025-06-23T00:00:00.000Z Updated: 2025-06-24T17:58:32.441Z Open on db.gcve.eu Reference links https://drive.google.com/file/d/1ujUcB8XEs78WwWzs8cmD-u1Twqi10yEh/view?usp=sharing https://github.com/pwahba/cve-research/blob/main/CVE-2023-47030/CVE-2023-47030.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47029`	vulnerable	2026-06-03 14:53:16.774304	Details available An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component Published: 2025-06-23T00:00:00.000Z Updated: 2025-06-26T15:08:53.266Z Open on db.gcve.eu Reference links https://drive.google.com/file/d/1oX5uKnWGiYMaBxnBuqPiOA53XLxv1Ef4/view?usp=sharing https://github.com/pwahba/cve-research/blob/main/CVE-2023-47029/CVE-2023-47029.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47022`	vulnerable	2026-06-03 14:53:16.771832	Details available Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. Published: 2024-02-06T00:00:00.000Z Updated: 2025-06-17T16:15:54.602Z Open on db.gcve.eu Reference links https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.