30T4

**Name of the Vulnerable Software and Affected Versions** NCR Terminal Handler version 1.5.1 **Description** The issue involves Multiple Cross-Site Request Forgery (CSRF) chaining, allowing an attacker to escalate privileges through a crafted request. This request involves user account creation and adding the user to an administrator group. The exploitation is facilitated by an undisclosed function in the WSDL that lacks security controls and can accept custom content types. **Recommendations** For NCR Terminal Handler version 1.5.1, consider disabling the WSDL function that lacks security controls until a patch is available to prevent the acceptance of custom content types and mitigate the risk of CSRF chaining. Restrict access to user account creation and administrator group management to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NCR Terminal Handler version 1.5.1 **Description** The issue allows an unprivileged user to edit the audit logs for any user, potentially leading to CSV injection. It also enables a remote attacker to execute arbitrary code via a crafted script to the `payload` parameter. **Recommendations** For NCR Terminal Handler version 1.5.1, consider restricting access to the audit logs and limiting the ability to edit them until a patch is available. As a temporary workaround, avoid using the `payload` parameter in affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NCR Terminal Handler version 1.5.1 **Description** The issue is related to Cross-Site Request Forgery (CSRF) that can lead to a one-click account takeover. It is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types. A remote attacker can obtain sensitive information and escalate privileges via a crafted script to the `UserSelfService` component. **Recommendations** For NCR Terminal Handler version 1.5.1, consider disabling the `UserSelfService` component until a patch is available to prevent exploitation. Restrict access to the WSDL function with weak security controls to minimize the risk of accepting custom content types. At the moment, there is no information about a newer version that contains a fix for this vulnerability.