Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

infor

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2026-2103
Assigner-Black Lantern Security
ShareView Details
Assigner-Black Lantern Security
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.95%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 16:22
Updated-17 Feb, 2026 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Hard-Coded Cryptographic Key for Password Storage

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

Action-Not Available
Vendor-inforInfor
Product-syteline_erpSyteLine ERP
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-51423
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 32.34%
||
7 Day CHG~0.00%
Published-02 Sep, 2025 | 00:00
Updated-10 Sep, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter.

Action-Not Available
Vendor-inforn/a
Product-global_human_resourcesn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7952
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-16 May, 2017 | 10:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.

Action-Not Available
Vendor-inforn/a
Product-enterprise_asset_managementn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-7953
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 41.97%
||
7 Day CHG~0.00%
Published-16 May, 2017 | 10:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

INFOR EAM V11.0 Build 201410 has XSS via comment fields.

Action-Not Available
Vendor-inforn/a
Product-enterprise_asset_managementn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1915
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.41%
||
7 Day CHG~0.00%
Published-01 Nov, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-inforn/a
Product-enspire_distribution_management_solutioneclientn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')