← Voltar para CVEs
CVE-2026-2103
HIGH7.1
Descricao
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.
Detalhes CVE
Pontuacao CVSS v3.17.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado2/6/2026
Ultima modificacao2/17/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
infor:syteline_erp
Fraquezas (CWE)
CWE-321CWE-798
Referencias
https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp(cves@blacklanternsecurity.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.