infor CVE Vulnerabilities & Metrics

Focus on infor vulnerabilities and metrics.

Last updated: 08 Mar 2026, 23:25 UTC

About infor Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with infor. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total infor CVEs: 3
Earliest CVE date: 01 Nov 2011, 19:55 UTC
Latest CVE date: 06 Feb 2026, 17:16 UTC

Latest CVE reference: CVE-2026-2103

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical infor CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.38

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	1
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS infor CVEs

These are the five CVEs with the highest CVSS scores for infor, sorted by severity first and recency.

CVE-2011-1915 infor Published on 01 Nov 2011, 19:55 UTC (CVSS: 7.5)
SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-7952 infor Published on 16 May 2017, 10:29 UTC (CVSS: 6.5)
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
CVE-2017-7953 infor Published on 16 May 2017, 10:29 UTC (CVSS: 3.5)
INFOR EAM V11.0 Build 201410 has XSS via comment fields.
CVE-2026-2103 infor Published on 06 Feb 2026, 17:16 UTC (CVSS: 0)
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

All CVEs for infor

CVE-2026-2103 infor vulnerability CVSS: 0 06 Feb 2026, 17:16 UTC

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

CVE-2017-7953 infor vulnerability CVSS: 3.5 16 May 2017, 10:29 UTC

INFOR EAM V11.0 Build 201410 has XSS via comment fields.

CVE-2017-7952 infor vulnerability CVSS: 6.5 16 May 2017, 10:29 UTC

INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.

CVE-2011-1915 infor vulnerability CVSS: 7.5 01 Nov 2011, 19:55 UTC

SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.