exploitDog

CVE-2023-47022

Опубликовано: 06 фев. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.

Ссылки

https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022
Third Party Advisory
https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00121

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-639

CWE-639

Связанные уязвимости

GHSA-mf94-378q-xvc3

CVSS3: 6.5

github

около 2 лет назад

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the payload parameter.

EPSS

Процентиль: 31%

0.00121

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-639

CWE-639