Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kronos web time and attendance vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-8496
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions prior to 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.
Kronos Web Time And Attendance
Kronos Web Time And Attendance 4.1.17
6.5
CVSSv3
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later prior to 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
Kronos Web Time And Attendance
4.8
CVSSv3
CVE-2020-8493
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions prior to 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated adminis...
Kronos Web Time And Attendance
8.8
CVSSv3
CVE-2020-8494
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via ...
Kronos Web Time And Attendance
7.5
CVSSv3
CVE-2020-8495
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, dele...
Kronos Web Time And Attendance
9.8
CVSSv3
CVE-2020-35604
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.
Kronos Web Time And Attendance 5.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started