CVE-2020-14982
CVE-2020-14982 describes a Blind SQL Injection in Kronos WebTA 3.8.x and later until 4.0, affecting the com.threeis.webta.H352premPayRequest servlet’s SortBy parameter. An attacker with the Employee, Supervisor, or Timekeeper role can read sensitive data from the database. The available connected...