Kronos Web Time And Attendance — known CVE vulnerabilities
Every CVE whose affected-product data names Kronos Web Time And Attendance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2020-8494 — CVSS 8.8 (high): In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an…
CVE-2020-8495 — CVSS 7.5 (high): In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an…
CVE-2020-14982 — CVSS 6.5 (medium): A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest…
CVE-2020-8493 — CVSS 4.8 (medium): A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input…
CVE-2020-8496 — CVSS 4.8 (medium): In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the…