CVE-2020-8495

Опубликовано: 30 янв. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 6

EPSS Низкий

Описание

In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters.

Ссылки

http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html
Exploit
Third Party Advisory
http://www.nolanbkennedy.com/post/privilege-escalation-in-kronos-web-time-and-attendance-webta
Exploit
Third Party Advisory
https://www.kronos.com/products/kronos-webta
Product
Vendor Advisory
http://packetstormsecurity.com/files/156215/Kronos-WebTA-4.0-Privilege-Escalation-Cross-Site-Scripting.html
Exploit
Third Party Advisory
http://www.nolanbkennedy.com/post/privilege-escalation-in-kronos-web-time-and-attendance-webta
Exploit
Third Party Advisory
https://www.kronos.com/products/kronos-webta
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kronos:web_time_and_attendance:*:*:*:*:*:*:*:*

Версия от 3.8 (включая) до 4.0 (исключая)

EPSS

Процентиль: 89%

0.04966

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-pjg7-vmgm-6qrp

github

больше 3 лет назад

EPSS

Процентиль: 89%

0.04966

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-862