Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
6DescriptionCVE.org
Use of Hard-coded Credentials vulnerability in Avnatra Avantra allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avantra: before 25.3.0.
AnalysisAI
High severity vulnerability in Avantra. Use of Hard-coded Credentials vulnerability in Avnatra Avantra allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avantra: before 25.3.0.
Technical ContextAI
Vulnerability Type: Use of Hard-coded Credentials (CWE-798) CVSS 3.1: 7.2/10.0 — Attack Vector: Network | Complexity: Low | Privileges Required: None | User Interaction: None Attack Techniques: Authentication Bypass Source: NCSC.ch Cross-site scripting allows injection of malicious scripts that execute in victims' browsers, potentially stealing sessions or credentials. Authentication bypass allows attackers to access protected resources without valid credentials.
RemediationAI
Security advisories:
- https://support.avantra.com/hc/en-us/articles/5352465121695-Security-Notice-Legacy-Built-In-User-Account-rtm
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-11768