{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T03:21:11.562","vulnerabilities":[{"cve":{"id":"CVE-2020-14982","sourceIdentifier":"cve@mitre.org","published":"2020-07-15T21:15:12.380","lastModified":"2024-11-21T05:04:34.583","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database."},{"lang":"es","value":"Una vulnerabilidad de Inyección SQL Ciega en Kronos WebTA versiones 3.8.x y posteriores, anteriores a 4.0 (que afecta el parámetro SortBy del servlet com.threeis.webta.H352premPayRequest) permite a un atacante con el rol de Empleado, Supervisor o Cronometrador leer datos confidenciales de la base de datos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"l
ang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kronos:web_time_and_attendance:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"4.0","matchCriteriaId":"3400EE4B-5B36-4C46-A208-807129645AD6"}]}]}],"references":[{"url":"https://www.mindpointgroup.com/articles/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.mindpointgroup.com/blog/webta-sqli-vulnerability/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.mindpointgroup.com/articles/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.mindpointgroup.com/blog/webta-sqli-vulnerability/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}