CVE-2020-14982

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
Configurations

Configuration 1 (hide)

cpe:2.3:a:kronos:web_time_and_attendance:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:04

Type Values Removed Values Added
References () https://www.mindpointgroup.com/articles/ - Third Party Advisory () https://www.mindpointgroup.com/articles/ - Third Party Advisory
References () https://www.mindpointgroup.com/blog/webta-sqli-vulnerability/ - Exploit, Third Party Advisory () https://www.mindpointgroup.com/blog/webta-sqli-vulnerability/ - Exploit, Third Party Advisory

Information

Published : 2020-07-15 21:15

Updated : 2024-11-21 05:04


NVD link : CVE-2020-14982

Mitre link : CVE-2020-14982

CVE.ORG link : CVE-2020-14982


JSON object : View

Products Affected

kronos

  • web_time_and_attendance
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')