← back
CVE-2020-8495high

CVE-2020-8495

41Vexday Risk Score

No sign of exploitation. It has a public proof of concept.

ssvc Attendcvss 7.5epss 3.1%
from disclosure to weapon6 days
Published on NVDJan 30
1st PoC+6d
exploitation probability
3.1%top 14% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters.
CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.