Vulnerabilities > NCR > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-02-07 CVE-2021-3122 OS Command Injection vulnerability in NCR Command Center Agent 16.3
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021.
network
low complexity
ncr CWE-78
critical
10.0