Vicxer Inc

**Name of the Vulnerable Software and Affected Versions** Avantra versions prior to 25.3.1 **Description** Insufficient session expiration in syslink software AG Avantra on Linux and Windows allows for the reuse of session IDs, a technique known as Session Replay, where an attacker captures and reuse a valid session token to gain unauthorized access. **Recommendations** Update to version 25.3.1.

**Name of the Vulnerable Software and Affected Versions** Avantra versions prior to 25.3.0 **Description** An issue in syslink software AG Avantra on Linux and Windows allows the insertion of sensitive information into log files, leading to Resource Leak Exposure, which occurs when a system fails to properly release or protect sensitive data, making it accessible to unauthorized parties. **Recommendations** Update to version 25.3.0.

**Name of the Vulnerable Software and Affected Versions** Avantra versions prior to 25.3.0 **Description** An issue in syslink software AG Avantra on Linux and Windows allows the use of common or default usernames and passwords to gain unauthorized access. **Recommendations** Update to version 25.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** Avantra versions prior to 25.3.0 **Description** An unprotected transport of credentials issue in syslink software AG Avantra on Linux and Windows enables sniffing attacks, where an attacker can intercept sensitive authentication data during transmission. **Recommendations** Update to version 25.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** Avantra versions prior to 25.3.0 **Description** A hard-coded credentials issue exists in Avantra, allowing access to functionality not properly constrained by Access Control Lists (ACLs). This could potentially allow unauthorized access to sensitive features within the system. **Recommendations** Versions prior to 25.3.0 should be updated to version 25.3.0 or later.