CVE-2021-43549

Name of the Vulnerable Software and Affected Versions PI Server (affected versions not specified)

Description A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint, such as "/api/v1/login" or "/users/{id}", and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker, potentially through username or password variables, or be provided with false information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.