Vulnerabilities > NCR > Command Center Agent
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-07 | CVE-2021-3122 | OS Command Injection vulnerability in NCR Command Center Agent 16.3 CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. | 9.8 |