PT-2025-26603 · Ncr · Ncr Terminal Handler
Published: 2025-06-23 · Updated: 2025-06-23 · CVE-2023-47298
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
NCR Terminal Handler version 1.5.1
Description:
An issue allows an authenticated attacker with low privileges to query the SOAP API endpoint and obtain information about all users of the application, including their usernames, roles, security groups, and account statuses.
Recommendations:
For NCR Terminal Handler version 1.5.1, consider restricting access to the SOAP API endpoint to minimize the risk of exploitation. As a temporary workaround, limit the privileges of low-privileged authenticated accounts so that they cannot query sensitive user information.
Exploit
Fix
Information Disclosure
Affected Products
Ncr Terminal Handler