PT-2024-13400 · Ncr · Ncr Terminal Handler

30T4 +1 · Published 2024-01-19 · Updated 2025-06-17 · CVE-2023-47024

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NCR Terminal Handler version 1.5.1

Description

The issue is related to Cross-Site Request Forgery (CSRF) that can lead to a one-click account takeover. It is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types. A remote attacker can obtain sensitive information and escalate privileges via a crafted script to the UserSelfService component.

Recommendations

For NCR Terminal Handler version 1.5.1, consider disabling the UserSelfService component until a patch is available to prevent exploitation. Restrict access to the WSDL function with weak security controls to minimize the risk of accepting custom content types. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-47024

Affected Products

Ncr Terminal Handler