OSIsoft PI Vision 2020 versions before 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
osisoft pi vision