Pi Web Api
Approved changes feed: RSS · Atom
cpe:2.3:a:osisoft:pi_web_api:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Osisoft (773be19d-2e5d-5fef-8fcd-1eaca9773a63) |
|---|---|
| Product | Pi Web Api (0d35ca5f-dc67-5c26-9929-464d31f5f795) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/osisoft/sample-pi_web_api-common_actions-angular |
purl2cpe | 2026-06-01 10:13:04.912308 |
pkg:github/z-burke/osisoft-pi-web-api-samples |
purl2cpe | 2026-06-01 10:13:04.912310 |
pkg:npm/node-red-contrib-osisoft-web-api |
purl2cpe | 2026-06-01 10:13:04.912313 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-43549 |
vulnerable | 2026-06-03 14:45:34.438221 |
OSIsoft PI Web API
MEDIUM (6.9)
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.
Published: 2021-11-18T14:18:48.609Z
Updated: 2024-09-16T23:00:26.909Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-12021 |
vulnerable | 2026-06-03 14:41:33.141683 |
Details available
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.
Published: 2020-06-23T21:36:23.000Z
Updated: 2024-08-04T11:48:57.978Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13516 |
vulnerable | 2026-06-03 14:39:42.671511 |
Details available
In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.
Published: 2019-08-15T18:49:15.000Z
Updated: 2024-08-04T23:57:39.193Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13515 |
vulnerable | 2026-06-03 14:39:42.671101 |
Details available
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.
Published: 2019-08-15T18:39:36.000Z
Updated: 2024-08-04T23:57:39.455Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7508 |
vulnerable | 2026-06-03 14:39:06.988603 |
Details available
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized.
Published: 2018-03-14T18:00:00.000Z
Updated: 2024-08-05T06:31:03.702Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7500 |
vulnerable | 2026-06-03 14:39:06.978392 |
Details available
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
Published: 2018-03-14T18:00:00.000Z
Updated: 2024-08-05T06:31:04.282Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.