Infor: Security Vulnerabilities
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-02-06
Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-09-02
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-05-16
INFOR EAM V11.0 Build 201410 has XSS via comment fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-05-16
SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2011-11-01