Description
Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords.

This issue affects Avantra: before 25.3.0.
Published: 2026-05-22
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises because Syslink Software AG Avantra uses default usernames and passwords for its internal database on Linux and Windows. The flaw lets attackers obtain working credentials by trying common or default login pairs, potentially leading to unauthorized access to sensitive data. The weakness is categorized under CWE-1393, indicating use of default or hidden credentials that compromise confidentiality and integrity.

Affected Systems

The affected product is Avantra from Syslink Software AG, with all versions prior to 25.3.0 susceptible to the issue. The vulnerability applies to installations running on Linux or Windows operating systems.

Risk and Exploitability

The CVSS score of 5.1 reflects a moderate severity. EPSS data is not available, and the issue is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet. Based on the description, the likely attack vector is external access to the database service where default credentials are accepted; an attacker able to reach the database endpoint could guess or brute-force default accounts to read or modify data. Exploitation requires network connectivity to the database but does not need local system privileges.

Generated by OpenCVE AI on May 22, 2026 at 15:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Avantra 25.3.0 update or later to replace default credentials
  • Disable or change any default or hidden database login accounts
  • Restrict network access to the database server, limiting connections to trusted hosts


Advisories

No advisories yet.

History

Fri, 22 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Syslink Software Ag; Syslink Software Ag avantra
Vendors & Products | | Syslink Software Ag; Syslink Software Ag avantra

Fri, 22 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0.
Title | | Default credentials for internal DB
Weaknesses | | CWE-1393
References | |
Metrics | | cvssV3_1 {'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-05-22T15:04:30.882Z

Reserved: 2026-05-15T11:49:59.333Z

Link: CVE-2026-8672

Vulnrichment

Updated: 2026-05-22T15:04:26.046Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T15:30:38Z
