Aveva Application Server vulnerabilities

4 known vulnerabilities affecting aveva/application_server.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4

Vulnerabilities

CVE-2025-8386 | HIGH | CVSS 7.2 | ≤ Versions 2023 R2 SP1 P02 | 2025-11-15
CWE-80: The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The vulnerability can only be exploited during config-time
Sources: cvelistv5, nvd

CVE-2024-7113 | HIGH | CVSS 8.7 | ≤ 2023 R2 P01 | 2024-08-13
CWE-770: If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.
Sources: cvelistv5, nvd

CVE-2023-33873 | HIGH | CVSS 7.8 | ≤ 2020 R2 SP1 P01 | 2023-11-15
CWE-250: This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
Sources: cvelistv5, nvd

CVE-2023-34982 | HIGH | CVSS 7.1 | ≤ 2020 R2 SP1 P01 | 2023-11-15
CWE-73: This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
Sources: cvelistv5, nvd