ГлавнаяУязвимости → CVE-2023-47024
8.8высокая

CVE-2023-47024

Описание

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.

Затрагиваемое ПО
Ncratleos Terminal handler
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://docs.google.com/document/d/18EOsFghBsAme0b3Obur8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharinghttps://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47024https://docs.google.com/document/d/18EOsFghBsAme0b3Obur8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharinghttps://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47024