Lucene search
K
KronosWeb Time And Attendance

6 matches found

CVE
CVE
added 2020/01/30 9:18 p.m.111 views

CVE-2020-8495

Kronos WebTA 3.8.x and 3.x before 4.0 contains a privilege-escalation vulnerability in the com.threeis.webta.H491delegate servlet. An attacker with Timekeeper or Supervisor privileges can exploit the delegate, delegateRole, and delegatorUserId parameters to gain unauthorized administrative privil...

7.5CVSS7.8AI score0.03138EPSS
CVE
CVE
added 2020/01/30 9:18 p.m.107 views

CVE-2020-8493

CVE-2020-8493 describes a stored XSS vulnerability in Kronos Web Time and Attendance (webTA). The issue affects version 3.8.x and later 3.x before 4.0 via multiple input fields (Login Message, Banner Message, Password Instructions) of the servlet com.threeis.webta.H261configMenu when accessed by ...

6.9CVSS6AI score0.01494EPSS
CVE
CVE
added 2020/01/30 9:18 p.m.104 views

CVE-2020-8494

Kronos WebTA (webTA) 3.8.x and 3.x versions prior to 4.0 are affected by CVE-2020-8494 via the com.threeis.webta.H402editUser servlet, allowing a user with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges through parameters such as emp_id, useri...

8.8CVSS8.7AI score0.01107EPSS
CVE
CVE
added 2020/01/30 9:17 p.m.69 views

CVE-2020-8496

CVE-2020-8496 affects Kronos Web Time and Attendance (webTA). A Stored XSS vulnerability exists in the /ApplicationBanner page triggered by the Application Banner input when the user is an authenticated administrator. The issue affects webTA 4.1.x and later 4.x versions up to, but not including, ...

6.9CVSS4.8AI score0.00548EPSS
CVE
CVE
added 2020/07/15 8:9 p.m.60 views

CVE-2020-14982

CVE-2020-14982 describes a Blind SQL Injection in Kronos WebTA 3.8.x and later until 4.0, affecting the com.threeis.webta.H352premPayRequest servlet’s SortBy parameter. An attacker with the Employee, Supervisor, or Timekeeper role can read sensitive data from the database. The available connected...

6.5CVSS6.8AI score0.01284EPSS
CVE
CVE
added 2020/12/21 6:57 p.m.50 views

CVE-2020-35604

Kronos WebTA 5.0.4 with SAML enabled is affected by an XXE vulnerability. Multiple sources confirm an external-entity injection flaw in the XML processing when SAML is used, enabling a successful XXE attack. The issue is described as enabling access to sensitive information, with high-severity im...

9.8CVSS9.3AI score0.01631EPSS