Main Vulnerability Database Exploits ID:5785 - Exploit for Permissions, Privileges, and Access Controls in Kronos webTA - CVE-2020-8494

ID:5785 - Exploit for Permissions, Privileges, and Access Controls in Kronos webTA - CVE-2020-8494

Published: June 17, 2021

Vulnerability identifier: #VU24798

Vulnerability risk: Medium

CVE-ID: CVE-2020-8494

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Kronos webTA

Link to public exploit:

https://www.exploit-db.com/exploits/48001/

Vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists within the "emp_id", "userid", "pw1", "pw2", "supervisor" and "timekeeper" parameters due to the "com.threeis.webta.H402editUser" servlet allows a remote attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application.

This vulnerability affects the following versions of Kronos Web Time and Attendance:

3.8.x and later

Remediation

Install updates from vendor's website.

ID:5785 - Exploit for Permissions, Privileges, and Access Controls in Kronos webTA - CVE-2020-8494

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human