MidnightBSD

Advisories for infor

CVE-2011-1915 HIGH

SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
infor enspire_distribution_management_solution 7.3.2.7
infor eclient 7.3.2.3
CVE-2017-7952 MEDIUM

INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
infor enterprise_asset_management 11.0_build_201410
CVE-2017-7953 LOW

INFOR EAM V11.0 Build 201410 has XSS via comment fields.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
infor enterprise_asset_management 11.0
CVE-2024-51423

Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
infor global_human_resources *
CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cves@blacklanternsecurity.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
infor syteline_erp 10.0.8803.16889