Vulnerabilities > Osisoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-08 | CVE-2018-19006 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017 OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. | 4.8 |
| 2018-04-03 | CVE-2016-8365 | Improper Access Control vulnerability in Osisoft products OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. | 5.5 |
| 2018-03-14 | CVE-2018-7531 | Improper Input Validation vulnerability in Osisoft PI Data Archive 2017/3.4.430.460 An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. | 5.9 |
| 2018-03-14 | CVE-2018-7508 | Cross-site Scripting vulnerability in Osisoft PI Vision and PI web API A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. | 6.1 |
| 2018-03-14 | CVE-2018-7504 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017 A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. | 6.1 |
| 2018-03-14 | CVE-2018-7496 | Information Exposure vulnerability in Osisoft PI Vision 2017 An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. | 5.3 |
| 2017-08-25 | CVE-2017-7934 | Improper Authentication vulnerability in Osisoft PI Data Archive An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. | 5.9 |
| 2017-08-14 | CVE-2017-9655 | Cross-site Scripting vulnerability in Osisoft products A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. | 5.4 |
| 2017-02-13 | CVE-2016-8353 | Permissions, Privileges, and Access Controls vulnerability in Osisoft PI web API 2015 R2 1.5.1 An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). | 6.4 |
| 2016-06-19 | CVE-2016-4530 | Improper Input Validation vulnerability in Osisoft PI SQL Data Access Server 2016 1.5 OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | 6.5 |