Vulnerabilities > CVE-2023-47022 - Improper Neutralization of Formula Elements in a CSV File vulnerability in NCR Terminal Handler 1.5.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

ncr

CWE-1236

NVD

Published: 2024-02-06

Updated: 2024-02-13

Summary

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.

Vulnerable Configurations

Part	Description	Count
Application	Ncr NCR Terminal Handler 1.5.1	1

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022