PT-2017-18001 · Osisoft · Osisoft Pi Web Api

Published

2017-08-25

Updated

2019-10-09

CVE-2017-7926

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OSIsoft PI Web API versions prior to 2017 (1.9.0)

Description A Cross-Site Request Forgery issue allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated.

Recommendations For versions prior to 2017 (1.9.0), update to version 2017 (1.9.0) or later to resolve the issue.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2017-7926

Affected Products

Osisoft Pi Web Api

PT-2017-18001 · Osisoft · Osisoft Pi Web Api

CVE-2017-7926

Weakness Enumeration

Related Identifiers

Affected Products

References · 4