Vulnerability Details CVE-2019-17128
Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/154763/OmniCenter-12.1.1-SQL-Injection.html
- https://www.netreo.com/blog/omnicenter-12-now-available-extensible-integration-unlimited-scalability-device-grouping/
- http://packetstormsecurity.com/files/154763/OmniCenter-12.1.1-SQL-Injection.html
- https://www.netreo.com/blog/omnicenter-12-now-available-extensible-integration-unlimited-scalability-device-grouping/
Products affected by CVE-2019-17128
-
cpe:2.3:a:netreo:omnicenter:12.0.0
-
cpe:2.3:a:netreo:omnicenter:12.0.1
-
cpe:2.3:a:netreo:omnicenter:12.0.2
-
cpe:2.3:a:netreo:omnicenter:12.0.3
-
cpe:2.3:a:netreo:omnicenter:12.0.4
-
cpe:2.3:a:netreo:omnicenter:12.0.5
-
cpe:2.3:a:netreo:omnicenter:12.0.6
-
cpe:2.3:a:netreo:omnicenter:12.0.7
-
cpe:2.3:a:netreo:omnicenter:12.0.8
-
cpe:2.3:a:netreo:omnicenter:12.1.0
-
cpe:2.3:a:netreo:omnicenter:12.1.1