CVE-2020-14982

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:kronos:web_time_and_attendance:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-15 21:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-14982

Mitre link : CVE-2020-14982

CVE.ORG link : CVE-2020-14982


JSON object : View

Products Affected

kronos

  • web_time_and_attendance
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')