CVE-2023-47298
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-23
Last updated on: 2025-06-26
Assigner: MITRE
Description
Description
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ncr | terminal_handler | 1.5.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint and obtain sensitive information about all users of the application, including their usernames, roles, security groups, and account statuses.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive user information, which could be used for further attacks such as privilege escalation, social engineering, or unauthorized access to the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70