The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590