CVE-2023-47022
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
Un problema en NCR Terminal Handler v.1.5.1 permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado en el parámetro payload.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-30 CVE Reserved
- 2024-02-06 CVE Published
- 2024-02-14 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
- CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ncr Search vendor "Ncr" | Terminal Handler Search vendor "Ncr" for product "Terminal Handler" | 1.5.1 Search vendor "Ncr" for product "Terminal Handler" and version "1.5.1" | - |
Affected
| ||||||