Aveva Application Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Aveva Application Server.
By the Year
In 2026 there have been 0 vulnerabilities in Aveva Application Server. Last year, in 2025 Application Server had 1 security vulnerability published. Right now, Application Server is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 6.90 |
It may take a day or so for new Application Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Aveva Application Server Security Vulnerabilities
Appian Help Files XSS via aaConfigTools Enables PrivEsc
CVE-2025-8386
6.9 - Medium
- November 14, 2025
The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The vulnerability can only be exploited during config-time operations within the IDE component of Application Server. Run-time components and operations are not affected.
Basic XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Aveva Application Server or by Aveva? Click the Watch button to subscribe.
