CVE-2020-14982

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
References
Configurations

Configuration 1

cpe:2.3:a:kronos:web_time_and_attendance:*:*:*:*:*:*:*:*

Information

Published : 2020-07-15 09:15

Updated : 2020-07-22 05:26


NVD link : CVE-2020-14982

Mitre link : CVE-2020-14982

Products Affected
No products.
CWE