Blind SQL Injection Vulnerability in Kronos WebTA 3.8.x and Later

Blind SQL Injection Vulnerability in Kronos WebTA 3.8.x and Later

CVE-2020-14982 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.