Every CVE whose affected-product data names Osisoft Pi Web Api, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-7500 — CVSS 9.8 (critical): A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be…
CVE-2020-12021 — CVSS 9.0 (critical): In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting…
CVE-2019-13516 — CVSS 8.8 (high): In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection…
CVE-2017-7926 — CVSS 8.8 (high): A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site…
CVE-2017-5153 — CVSS 7.8 (high): An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services…
CVE-2021-43549 — CVSS 6.9 (medium): A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and…
CVE-2018-7508 — CVSS 6.1 (medium): A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is…