Skip to main content

Avantra CVE-2026-8673

| EUVDEUVD-2026-31436 MEDIUM
Unprotected Transport of Credentials (CWE-523)
2026-05-22 NCSC.ch GHSA-v88w-jgrg-7946
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Patch available
May 26, 2026 - 14:16 EUVD
Analysis Generated
May 22, 2026 - 14:04 vuln.today

DescriptionCVE.org

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks.

This issue affects Avantra: before 25.3.0.

AnalysisAI

Unprotected credential transport in syslink software AG Avantra before version 25.3.0 exposes authentication material to network-layer interception on both Linux and Windows deployments. The vulnerability, classified under CWE-523, allows a suitably positioned network adversary to capture credentials in transit, with the CVSS vector indicating high confidentiality and integrity impact upon successful exploitation. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the high attack complexity and high privilege prerequisite meaningfully constrain the realistic attacker population.

Technical ContextAI

CWE-523 (Unprotected Transport of Credentials) describes a design failure where authentication credentials are transmitted across the network without adequate cryptographic protection - either in cleartext or over a broken/misconfigured encrypted channel - making them recoverable by a passive or active network observer. The affected product is Avantra, an enterprise SAP monitoring platform developed by syslink software AG, identified by CPE cpe:2.3:a:syslink_software_ag:avantra:*:*:*:*:*:*:*:*. The Microsoft tag in the intelligence data suggests involvement of Microsoft protocol or transport layers (e.g., WinRM, NTLM, SMB-adjacent channels) alongside the SAP monitoring context. The CVSS network attack vector (AV:N) confirms the credential exposure occurs over a network path, while AC:H indicates that the attacker must engineer specific interception conditions such as a man-in-the-middle position or privileged network vantage point.

RemediationAI

The primary remediation is to upgrade Avantra to version 25.3.0 or later, as confirmed by the vendor advisory at https://support.avantra.com/hc/en-us/articles/5535621927071. If an immediate upgrade is not possible, compensating controls should focus on isolating Avantra communication channels: restrict network access to Avantra agent and server communication paths using firewall rules or network segmentation to trusted hosts only, preventing untrusted parties from reaching positions where credential interception is feasible. Enforce mutual TLS or IPsec between Avantra components if the platform supports it, to provide transport-layer encryption as a stopgap; note that this may require additional infrastructure configuration and does not address the root cause. Monitor for anomalous lateral movement or credential reuse from Avantra service accounts as a detection measure. Given that Microsoft-related transports may be involved (per tagging), review and restrict NTLM or WinRM exposure on Avantra-adjacent Windows hosts.

Share

CVE-2026-8673 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy