{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2103", "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "state": "PUBLISHED", "assignerShortName": "BLSOPS", "dateReserved": "2026-02-06T13:40:47.744Z", "datePublished": "2026-02-06T16:22:28.282Z", "dateUpdated": "2026-02-06T16:39:17.314Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "SyteLine ERP", "vendor": "Infor", "versions": [{"status": "affected", "version": "10.0.8803.16889"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials."}], "value": "Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials."}], "impacts": [{"capecId": "CAPEC-191", "descriptions": [{"lang": "en", "value": "CAPEC-191 Read Sensitive Strings Within an Executable"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-321", "description": "CWE-321", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "shortName": "BLSOPS", "dateUpdated": "2026-02-06T16:22:28.282Z"}, "references": [{"url": "https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp"}], "source": {"discovery": "INTERNAL"}, "title": "Use of Hard-Coded Cryptographic Key for Password Storage", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T16:38:53.194813Z", "id": "CVE-2026-2103", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T16:39:17.314Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2103", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T16:38:53.194813Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T16:39:10.277Z"}}], "cna": {"title": "Use of Hard-Coded Cryptographic Key for Password Storage", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-191", "descriptions": [{"lang": "en", "value": "CAPEC-191 Read Sensitive Strings Within an Executable"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Infor", "product": "SyteLine ERP", "versions": [{"status": "affected", "version": "10.0.8803.16889"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.", "supportingMedia": [{"type": "text/html", "value": "Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-321", "description": "CWE-321"}]}], "providerMetadata": {"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "shortName": "BLSOPS", "dateUpdated": "2026-02-06T16:22:28.282Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2103", "state": "PUBLISHED", "dateUpdated": "2026-02-06T16:39:17.314Z", "dateReserved": "2026-02-06T13:40:47.744Z", "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "datePublished": "2026-02-06T16:22:28.282Z", "assignerShortName": "BLSOPS"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:infor:syteline_erp:10.0.8803.16889:*:*:*:*:*:*:*", "matchCriteriaId": "0110991B-B5AE-42B2-8E73-A6022EED59E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials."}], "id": "CVE-2026-2103", "lastModified": "2026-02-17T15:46:31.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "cves@blacklanternsecurity.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-06T17:16:28.240", "references": [{"source": "cves@blacklanternsecurity.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp"}], "sourceIdentifier": "cves@blacklanternsecurity.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}], "source": "cves@blacklanternsecurity.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T22:42:13.455378+00:00", "value": {"mitigation_remediation": ["Acquire and apply any Infor\u2011issued patch that replaces the hard\u2011coded key with an installation\u2011specific key or a secure key\u2011management scheme", "Restrict filesystem and database access so that only the minimal privileged application account can read the binary and the database", "Force a full password reset for all user accounts and regenerate database connection strings and API keys", "Audit all stored sensitive data for similar hard\u2011coded key usage and migrate any affected data to a dedicated secure credential vault"], "summary": {"action": "Patch", "impact": "Credential compromise through decryption of stored credentials"}, "threat_synthesis": {"affected_systems": "The vulnerable product is Infor SyteLine ERP, version 10.0.8803.16889. Any deployment that uses this default key configuration for credential encryption is affected.", "description_and_impact": "Infor SyteLine ERP stores user passwords, database connection strings, and API keys encrypted with a hard\u2011coded static cryptographic key that is identical across all installations. Because the same key is used everywhere, an attacker who can read the application binary and the database can decrypt all this sensitive data and gain unauthorized access to system accounts and external services. This flaw is a classic example of improper use of cryptographic keys (CWE\u2011321 and CWE\u2011798) and poses a serious confidentiality risk.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a medium\u2011to\u2011high impact, and the EPSS score of less than 1% suggests that exploitation is not yet common but feasible for an attacker with the right access. The vulnerability is not listed in the CISA KEV catalog, but if the application binary or database becomes exposed, an attacker can realistically recover all passwords and credential secrets. The likely attack vector is an insider or compromised administrator who can read the binary and database files."}}}}, "created": "2026-02-09T10:50:38.427552+00:00", "updated": "2026-04-17T22:45:29.940635+00:00", "vendors": ["infor", "infor$PRODUCT$syteline_erp"]}