cpe:/a:netreo:omnicenter:12.1.1 CVE-2019-17128 2019-10-09T12:15:15.233-04:00 2019-10-11T15:48:27.617-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2019-10-11T14:20:55.863-04:00 MISC http://packetstormsecurity.com/files/154763/OmniCenter-12.1.1-SQL-Injection.html MISC https://www.netreo.com/blog/omnicenter-12-now-available-extensible-integration-unlimited-scalability-device-grouping/ Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application.