Avaya patched a high severity vulnerability in the Aura Application Enablement Services (AES) product versions 6.3.1, 6.3.2, 6.3.3, and 7.x. This vulnerability could allow a remote threat actor to gain privileged user access to the AES server by using specially crafted messages. The NJCCIC recommends administrators review the Avaya advisory, and those running Aura AES version 6.3.1, 6.3.2, and 6.3.3 install Super Patch 7 and apply the AES 220.127.116.11 security hotfix. Those running version 7.0.x should update to 7.0.1, install Super Patch 4, and apply the EAS 18.104.22.168 security hotfix. Lastly, those running version 7.1 should apply the AES 22.214.171.124.0 security hotfix as specified in the Avaya Product Support Notice.