Vulnerabilities > CVE-2020-35604 - XXE vulnerability in Kronos web Time and Attendance 5.0.4

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
kronos
CWE-611
critical
NVD
Published: 2020-12-21
Updated: 2020-12-22

Summary

An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.

Vulnerable Configurations

Part Description Count
Application
Kronos
1

Common Weakness Enumeration (CWE)

References