exploitDog

CVE-2023-47298

Опубликовано: 23 июн. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.

Ссылки

https://drive.google.com/file/d/1-BDd0ycuYhuxo-lg4th-Cswimoqqzkot/view?usp=sharing
Permissions Required
https://github.com/pwahba/cve-research/blob/main/CVE-2023-47298/CVE-2023-47298.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-8q8c-hxch-vm5p

CVSS3: 4.3

github

8 месяцев назад

An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.

EPSS

Процентиль: 11%

0.00038

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200