CVE-2026-2103

HIGH
2026-02-06 [email protected]
Information Disclosure Syteline Erp
7.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Feb 17, 2026 - 15:46 vuln.today
Public exploit code
CVE Published
Feb 06, 2026 - 17:16 nvd
HIGH 7.1

DescriptionNVD

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

AnalysisAI

Syteline Erp versions up to 10.0.8803.16889 is affected by use of hard-coded cryptographic key (CVSS 7.1).

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all systems running Syteline ERP versions up to 10.0.8803.16889 and isolate them from untrusted networks. Within 7 days: Implement network segmentation to restrict access to Syteline instances to authorized personnel only, deploy WAF rules to monitor for exploitation attempts, and contact Syteline for patch availability and timeline. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-2103 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy