Vulnerabilities > CVE-2020-35604 - XXE vulnerability in Kronos web Time and Attendance 5.0.4

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
kronos
CWE-611
critical
NVD
Published: 2020-12-21
Updated: 2020-12-22

Summary

An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.

Vulnerable Configurations

Part Description Count
Application
Kronos
1

Common Weakness Enumeration (CWE)

References