CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13516
https://notcve.org/view.php?id=CVE-2019-13516
In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. En OSIsoft PI Web API y anteriores, el producto afectado es vulnerable a un ataque directo debido a una configuración de la protección de cross-site request forgery que no ha tenido efecto. • https://www.us-cert.gov/ics/advisories/icsa-19-225-02 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-693: Protection Mechanism Failure •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13515
https://notcve.org/view.php?id=CVE-2019-13515
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. OSIsoft PI Web API versión 2018 y anteriores, puede permitir la divulgación de información confidencial. • https://www.us-cert.gov/ics/advisories/icsa-19-225-02 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7508
https://notcve.org/view.php?id=CVE-2018-7508
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. e ha descubierto un problema de Cross-Site Scripting (XSS) en OSIsoft PI Web API, versiones 2017 R2 y anteriores. Podría darse Cross-Site Scripting (XSS) cuando las entradas se neutralizan de forma incorrecta. • http://www.securityfocus.com/bid/103396 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7500
https://notcve.org/view.php?id=CVE-2018-7500
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. Se ha descubierto un problema de permisos, privilegios y controles de acceso en OSIsoft PI Web API, versiones 2017 R2 y anteriores. Se podría escalar privilegios, lo que daría a los atacantes acceso al sistema PI mediante la cuenta de servicio. • http://www.securityfocus.com/bid/103396 https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7926
https://notcve.org/view.php?id=CVE-2017-7926
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. Se ha descubierto un problema de Cross-Site Request Forgery en OSIsoft PI Web API en versiones anteriores a la 2017 (1.9.0). Esta vulnerabilidad permite que ocurran ataques Cross-Site Request Forgery (CSRF) cuando una petición cross-site que normalmente no tendría autorización es enviada desde un navegador previamente autenticado por el servidor. • http://www.securityfocus.com/bid/99058 https://ics-cert.us-cert.gov/advisories/ICSA-17-164-03 • CWE-352: Cross-Site Request Forgery (CSRF) •