N/A

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.

N/A

N/A

NCR Atleos Terminal Handler 跨站请求伪造漏洞

NCR Atleos Terminal Handler是NCR Atleos公司的一款 ATM 企业软件解决方案，可降低成本、提高业务敏捷性并提高您的竞争优势。 NCR Atleos Terminal Handler v.1.5.1版本存在跨站请求伪造漏洞，该漏洞源于允许远程攻击者通过UserSelfService 组件使用精心设计的脚本获取敏感信息并升级权限。

N/A

N/A