CVE-2026-6356

Infor · Multiple Products

A privilege escalation vulnerability in Infor web applications allows standard users to gain super administrator access via parameter manipulation.

Executive summary

A critical privilege escalation vulnerability in Infor products allows authenticated users to gain unauthorized super administrator access, posing a severe risk of complete system compromise.

Vulnerability

This is a privilege escalation vulnerability where an authenticated standard user can manipulate parameters to elevate their privileges to those of a super administrator.

Business impact

The ability for a standard user to escalate to super administrator status grants an attacker full control over the affected application. This leads to unauthorized access to sensitive data, the potential for data exfiltration, and the ability to modify system configurations, resulting in significant operational and reputational damage. The CVSS score of 9.6 reflects the high impact on confidentiality, integrity, and availability.

Remediation

Immediate Action: Update all affected Infor software installations to the latest vendor-provided version immediately.

Proactive Monitoring: Review application access logs for unusual administrative activity or changes to user permission structures initiated by non-administrative accounts.

Compensating Controls: Implement strict Web Application Firewall (WAF) rules to inspect and sanitize incoming HTTP parameters for unexpected structural modifications.
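The log review described under Proactive Monitoring, as an added example (not vendor code and not part of the advisory): it replays permission-change events against a trusted role baseline and flags changes made by accounts that never legitimately held an administrative role. The JSON-lines format, field names, role names and sample events are constructed assumptions, not an Infor log schema.

```python
import json

ADMIN_ROLES = {"admin", "superadmin"}   # assumption: roles allowed to change permissions
CHANGE_ACTIONS = {"role_change"}        # assumption: event type for permission changes

# Constructed sample: hypothetical JSON-lines audit events, not a real Infor log schema.
SAMPLE_LOG = """\
{"ts": "2026-01-10T09:00:01Z", "actor": "admin1", "action": "role_change", "target": "jdoe", "new_role": "manager"}
{"ts": "2026-01-10T09:14:22Z", "actor": "mallory", "action": "role_change", "target": "mallory", "new_role": "superadmin"}
{"ts": "2026-01-10T09:15:03Z", "actor": "mallory", "action": "role_change", "target": "eve", "new_role": "admin"}
{"ts": "2026-01-10T09:20:40Z", "actor": "eve", "action": "role_change", "target": "bob", "new_role": "admin"}
{"ts": "2026-01-10T10:02:11Z", "actor": "admin1", "action": "role_change", "target": "carol", "new_role": "admin"}
{"ts": "2026-01-10T10:05:37Z", "actor": "carol", "action": "role_change", "target": "dave", "new_role": "manager"}
{"ts": "2026-01-10T10:06:00Z", "actor": "jdoe", "action": "login"}
"""

# Constructed baseline: roles known to be legitimate before the review window.
BASELINE_ROLES = {"admin1": "superadmin"}


def review_permission_changes(log_text, baseline):
    """Flag permission changes made by accounts with no legitimate admin role."""
    roles = dict(baseline)   # trusted role state, advanced only by legitimate changes
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("action") not in CHANGE_ACTIONS:
            continue
        actor, target, new_role = ev["actor"], ev["target"], ev["new_role"]
        if roles.get(actor, "standard") in ADMIN_ROLES:
            roles[target] = new_role   # legitimate change: update trusted state
            continue
        # Not recorded into trusted state, so anything the escalated account
        # (or an account it promoted) does afterwards is flagged as well.
        kind = "self-escalation" if actor == target else "change by non-admin"
        findings.append({"ts": ev["ts"], "actor": actor, "target": target,
                         "new_role": new_role, "kind": kind})
    return findings


if __name__ == "__main__":
    for f in review_permission_changes(SAMPLE_LOG, BASELINE_ROLES):
        print(f["ts"], f["kind"], f["actor"], "->", f["target"], "as", f["new_role"])
```

Because the trusted role state only advances through legitimate changes, the follow-on grants made by a self-escalated account are reported alongside the initial escalation, which gives the scope of cleanup as well as the first event.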

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical severity of this privilege escalation flaw, organizations must prioritize patching. Failure to remediate this vulnerability could allow malicious actors to gain full administrative control over the business environment, leading to catastrophic data loss or system manipulation.