CVE-2023-47031
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk42th percentile - higher than 42% of all known CVEs
Summary
A vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API components.
Risk Assessment
An attacker can gain unauthorized administrative privileges, leading to full system compromise and potential breach of data confidentiality and integrity.
Recommendation
Immediately update NCR Terminal Handler to the latest available version and restrict access to the SOAP API to trusted networks only.
Original NVD description (English source)
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.

