Vulnerability Details CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
Products affected by CVE-2020-14982
-
cpe:2.3:a:kronos:web_time_and_attendance:3.8