exploitDog

CVE-2020-14982

Опубликовано: 15 июл. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.

Ссылки

https://www.mindpointgroup.com/articles/
Third Party Advisory
https://www.mindpointgroup.com/blog/webta-sqli-vulnerability/
Exploit
Third Party Advisory
https://www.mindpointgroup.com/articles/
Third Party Advisory
https://www.mindpointgroup.com/blog/webta-sqli-vulnerability/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kronos:web_time_and_attendance:*:*:*:*:*:*:*:*

Версия от 3.8 (включая) до 4.0 (исключая)

EPSS

Процентиль: 53%

0.00296

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-r234-xxf3-j66w

github

больше 3 лет назад

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.

EPSS

Процентиль: 53%

0.00296

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89