Security Advisory

CVE-2020-14982

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-07-15 20:09:33

Last updated 2024-08-04 13:00:52

Assigner mitre

State PUBLISHED

Description

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlets SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.

← Browse all CVEs View on cve.org ↗