CVE-2023-47030

Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1

Description: An issue in NCR Terminal Handler allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a "UserService" SOAP API endpoint to validate if a user exists.

Recommendations: For NCR Terminal Handler version 1.5.1, consider disabling the UserService SOAP API endpoint until a patch is available to prevent remote code execution and sensitive information disclosure. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the UserService endpoint for user validation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.