CVE-2026-2103

Exploit

EPSS 0.01%
Veröffentlicht 06.02.2026 16:22:28
Zuletzt bearbeitet 17.02.2026 15:46:31
Quelle cves@blacklanternsecurity.com
CVE-Watchlists
Login
Unerledigt
Login

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Infor ≫ Syteline Erp Version10.0.8803.16889

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.006

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cves@blacklanternsecurity.com	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-2103

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2103

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2103

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2103