Description
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.
References (2)
Core 2
Core References
Permissions Required
https://drive.google.com/file/d/1owG3_2oVpoCb34Mb7nCYZNrjW8cFxpzN/view?usp=sharing
Scores
CVSS v3
8.1
EPSS
0.0023
EPSS Percentile
45.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
ncr/terminal_handler
1.5.1
Published
Jun 23, 2025
Tracked Since
Feb 18, 2026