2.1.2.19

DATE	CVE	VULNERABILITY TITLE	RISK
2015-05-26	CVE-2015-1013	SQL Injection vulnerability in Osisoft PI Server and PI SQL FOR AF OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements. network low complexity osisoft CWE-89	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.