← Retour aux CVEs
CVE-2026-2103
HIGH7.1
Description
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.
Details CVE
Score CVSS v3.17.1
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie2/6/2026
Derniere modification2/17/2026
Sourcenvd
Observations honeypot0
Produits affectes
infor:syteline_erp
Faiblesses (CWE)
CWE-321CWE-798
References
https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp(cves@blacklanternsecurity.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.