GCVE - cpe:2.3:a:aveva:application_server:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aveva:application_server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Aveva (`419325dd-398d-5d8e-98c9-e41c800a541d`)
Product	Application Server (`ba496741-e1a3-5004-bf5a-7f171fab552f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-8386`	vulnerable	2026-06-03 15:13:43.508014	AVEVA Application Server IDE Basic Cross-site Scripting MEDIUM (6.9) The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The vulnerability can only be exploited during config-time operations within the IDE component of Application Server. Run-time components and operations are not affected. Published: 2025-11-14T23:57:04.396Z Updated: 2025-11-17T16:56:00.107Z Open on db.gcve.eu Reference links https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin-AVEVA-2025-005.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-02 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-02.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-7113`	vulnerable	2026-06-03 14:58:05.070958	Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack. Published: 2024-08-13T16:26:32.285Z Updated: 2024-08-15T18:49:01.175Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-34982`	vulnerable	2026-06-03 14:52:17.503370	AVEVA Operations Control Logger External Control of File Name or Path MEDIUM (5.5) This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. Published: 2023-11-15T16:28:35.183Z Updated: 2024-08-02T16:17:04.179Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 https://www.aveva.com/en/support-and-success/cyber-security-updates/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33873`	vulnerable	2026-06-03 14:52:14.832938	AVEVA Operations Control Logger Execution with Unnecessary Privileges HIGH (7.8) This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. Published: 2023-11-15T16:22:31.927Z Updated: 2024-11-21T20:10:00.423Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 https://www.aveva.com/en/support-and-success/cyber-security-updates/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.