Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

kronos webta vulnerabilities and exploits

(subscribe to this query)
9.3
CVSSv2
CVE-2020-35604
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.
Kronos Web Time And Attendance 5.0.4
4
CVSSv2
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later prior to 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
Kronos Web Time And Attendance
3.5
CVSSv2
CVE-2020-8493
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions prior to 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated adminis...
Kronos Web Time And Attendance
6.5
CVSSv2
CVE-2020-8494
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via ...
Kronos Web Time And Attendance
6
CVSSv2
CVE-2020-8495
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions prior to 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, dele...
Kronos Web Time And Attendance
3.5
CVSSv2
CVE-2020-8496
In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions prior to 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.
Kronos Web Time And Attendance 4.1.17Kronos Web Time And Attendance
4.3
CVSSv2
CVE-2008-6666
Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote malicious users to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610...
Kronos Kronos Webta -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook