Skip to main content

Avantra CVE-2026-8672

| EUVDEUVD-2026-31437 MEDIUM
Use of Default Password (CWE-1393)
2026-05-22 NCSC.ch GHSA-hhj7-5v62-787q
5.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch available
May 26, 2026 - 14:16 EUVD
Analysis Generated
May 22, 2026 - 14:04 vuln.today

DescriptionCVE.org

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords.

This issue affects Avantra: before 25.3.0.

AnalysisAI

Default credential exposure in syslink software AG Avantra (all versions before 25.3.0) on Linux and Windows allows a local attacker with high-privilege access to authenticate using known default passwords, achieving high confidentiality impact against monitoring data and infrastructure configurations managed by the platform. Reported by NCSC.ch and addressed in version 25.3.0, this CWE-1393 flaw represents an insider threat or post-compromise lateral movement risk for organizations running Avantra in SAP and IT operations environments. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis.

Technical ContextAI

Avantra is an IT infrastructure and SAP systems monitoring platform developed by syslink software AG, deployed on Linux and Windows hosts. The root cause is CWE-1393 (Use of Default Credentials): the software ships with hardcoded or well-known default passwords that are not enforced to change during installation or initial setup, providing a predictable authentication pathway to any party aware of the defaults. The full CPE string cpe:2.3:a:syslink_software_ag:avantra:*:*:*:*:*:*:*:* covers all Avantra versions across all configurations on both supported platforms. The CVSS vector AV:L/AC:L/PR:H/UI:N reflects that exploitation occurs locally with low complexity once an attacker is already operating at high-privilege on the host - consistent with scenarios where default credentials are used to access an application layer running atop an already-compromised or insider-accessible system. The 'Microsoft' tag in the source metadata may indicate relevance to Windows Active Directory-integrated deployments or Windows-specific Avantra configurations.

RemediationAI

The primary fix is upgrading Avantra to version 25.3.0 or later, as confirmed by the description ('before 25.3.0') and the vendor advisory at https://support.avantra.com/hc/en-us/articles/5535551609759. For organizations unable to upgrade immediately, all default credentials within the Avantra application must be changed at once - administrators should audit every Avantra account for unchanged default or weak passwords and enforce strong, unique credentials; this directly eliminates the exploitable condition with no functional trade-off. Additionally, restrict local and administrative access to Avantra host systems to only authorized, named personnel to reduce the pool of users who could attempt default credential use. Review Avantra authentication logs for any historical login attempts using known default credential patterns to assess prior exposure. Implementing least-privilege access on the host OS for Avantra service accounts on both Linux and Windows further reduces blast radius if default credentials are discovered.

Share

CVE-2026-8672 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy