RELAYTO Endpoints Penetration Test Results (41/101)

Pass MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (April 2018 CPU) CVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762 CVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775 CVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780 CVE-2018-2 19 Apr 2018 5.5 (v3) Medium Pass Cisco IOS SNMP Community string write privileges. 18 Apr 2018 None Pass Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability (cisco-sa-20180418-iosxr) CVE-2018-0241 27 Apr 2018 7.4 (v3) High Pass Atlassian JIRA < 4.2.1 Multiple Vulnerabilities 24 Apr 2018 6.3 (v3) Medium Pass Pulse Connect Secure Multiple Vulnerabilities (SA43730) CVE-2007-5846 CVE-2016-2125 CVE-2016-2126 CVE-2016-10142 CVE-2018-9849 18 May 2018 6.5 (v3) Medium Pass Apache Struts 2.0.x < 2.0.9 RCE (S2-001) 10 Sep 2018 9.8 (v3) Critical Pass Oracle Database Server CVE-2018-3110 CVE-2018-3110 14 Aug 2018 9.9 (v3) Critical Pass D-Link DIR Router Authenication Bypass 11 Oct 2017 8.3 (v3) High Pass Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability (cisco-sa-20180307-cpcp CVE-2018-0141 09 Mar 2018 8.4 (v3) High Pass Cisco Prime Collaboration Provisioning XSS (cisco-sa-prime-collab-xss-fQMDE5GO) CVE-2021-34732 03 Sep 2021 6.1 (v3) Medium Pass Cisco Prime Collaboration Provisioning Information Disclosure (cisco-sa-prim-collab-disclo-FAnX4DKB) CVE-2020-3193 19 Mar 2020 5.3 (v3) Medium Pass Cisco Uni fi ed Communications Products Vulnerabilities (cisco-sa-imp-trav-inj-dM687ZD6) CVE-2021-1282 05 Feb 2021 4.9 (v3) Medium Pass Apache Struts 2.x < 2.3.14.2 Multiple Vulnerabilities (S2-014) CVE-2013-1966 CVE-2013-2115 10 Sep 2018 9.8 (v3) Critical Pass Apache Struts 2.x < 2.2.1 OGNL RCE (S2-005) CVE-2010-1870 10 Sep 2018 5.3 (v3) Medium Pass Apache Struts 2.x < 2.3.15.1 Multiple Vulnerabilities (S2-016) (S2-017) CVE-2013-2248 CVE-2013-2251 10 Sep 2018 9.8 (v3) Critical Pass Cisco IOS Software Cluster Management Protocol DoS Vulnerability (cisco-sa-20180926-cmp) CVE-2018-0475 05 Oct 2018 7.4 (v3) High Pass Apache Struts 2.x < 2.2.3 Multiple XSS (S2-006) CVE-2011-1772 10 Sep 2018 4.3 (v3) Medium Pass Apache Struts 2.0.x < 2.2.1 Security Bypass Vulnerability (S2-003) 10 Sep 2018 9.8 (v3) Critical Pass Apache Struts 2.x < 2.3.15.3 Broken Access Control Vulnerability (S2-018) CVE-2013-4310 10 Sep 2018 6.5 (v3) Medium Pass Apache Struts 2.x < 2.3.16.2 Multiple Vulnerabilities (S2-020) CVE-2014-0050 CVE-2014-0094 10 Sep 2018 7.3 (v3) High Pass Apache Struts 2.x < 2.3.15.2 Dynamic Method Invocation Multiple Vulnerabilities (S2-019) CVE-2013-4316 11 Sep 2018 9.8 (v3) Critical Pass Apache Struts 2.x < 2.3.1.2 RCE (S2-009) CVE-2011-3923 11 Sep 2018 9.8 (v3) Critical Pass Apache Struts 2.x < 2.3.20 Multiple ClassLoader Manipulation Vulnerabilities (S2-021) CVE-2014-0112 CVE-2014-0113 12 Sep 2018 7.3 (v3) High Pass Cisco IOS Software IPv6 Hop-by-Hop DoS Vulnerability (cisco-sa-20180926-ipv6hbh) CVE-2018-0467 05 Oct 2018 8.6 (v3) High Pass Cisco IOS Software OSPFv3 DoS Vulnerability (cisco-sa-20180926-ospfv3-dos) CVE-2018-0466 05 Oct 2018 6.5 (v3) Medium Pass Apache Tomcat 9.0.0.M1 < 9.0.8 Denial of Service Vulnerability CVE-2018-1336 27 Feb 2019 7.5 (v3) High Pass Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod Multi-Site TCP DoS (cisco-sa-n9kaci-tcp-dos-YXukt6gM) CVE-2021-1586 21 Feb 2022 8.6 (v3) High Pass F5 BIG-IP RCE (CVE-2022-1388) CVE-2022-1388 09 May 2022 9.8 (v3) Critical Pass Oracle Business Intelligence Publisher Multiple Vulnerabilities (October 2018 CPU) CVE-2017-5645 CVE-2018-3204 CVE-2018-8013 03 Jan 2019 9.8 (v3) Critical Pass nginx <= 1.3.13 Insecure Log Permissions CVE-2013-0337 05 Mar 2019 7.3 (v3) High Pass Atlassian JIRA < 7.6.7 / 7.7.x < 7.11.0 Information Disclosure CVE-2017-18104 05 Mar 2019 5.9 (v3) Medium Pass Atlassian JIRA < 7.5.3 Cross-Site Scripting CVE-2017-16863 05 Mar 2019 6.1 (v3) Medium Pass Atlassian JIRA < 7.6.1 Multiple Vulnerabilities CVE-2017-16865 CVE-2017-18097 CVE-2017-18098 05 Mar 2019 6.1 (v3) Medium Pass Atlassian JIRA < 7.6.2 Cross-Site Request Forgery CVE-2017-16862 05 Mar 2019 4.3 (v3) Medium Pass Atlassian JIRA < 7.6.5 / 7.7.x < 7.7.3 / 7.8.x < 7.8.3 Limited Authentication Bypass CVE-2017-18101 05 Mar 2019 6.5 (v3) Medium Pass Palo Alto Networks < 7.1.23 / 8.0.x < 8.0.16 / 8.1.x < 8.1.7 Integer Over fl ow Vulnerability (PAN-SA-2019-0006) CVE-2018-14634 25 Mar 2019 7.8 (v3) High Pass Cisco IOS Software Hot Standby Router Protocol Information Leak Vulnerability CVE-2019-1761 05 Apr 2019 4.3 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.16 / 9.0.0.x < 9.0.0.11 Admin Console Denial of Service (DoS) Vulnerability (CVE-2019-4080) CVE-2019-4080 12 Apr 2019 6.5 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.16 / 9.0.0.x < 9.0.0.11 Information Disclosure Vulnerability (CVE-2018-1996) CVE-2018-1996 12 Apr 2019 5.3 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.16 / 9.0.0.x < 9.0.0.11 / Liberty < 19.0.0.4 Request Header Denial of Service (DoS) Vulnerability (CVE-2019-4046) CVE-2019-4046 12 Apr 2019 7.5 (v3) High Pass Tenable Nessus < 8.1.1 Multiple Vulnerabilities (TNS-2018-16) CVE-2018-0734 CVE-2018-5407 02 Jan 2019 5.9 (v3) Medium Pass 3S CODESYS Runtime 3.x < 3.5.14.0 Insu ffi cient Access Control Vulnerability CVE-2018-10612 CVE-2018-20025 CVE-2018-20026 03 Jan 2019 9.8 (v3) Critical Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 Form Login Spoo fi ng Vulnerability (CVE-2018-1695) CVE-2018-1695 03 May 2019 5.6 (v3) Medium Pass Juniper JSA10936 CVE-2019-0044 10 May 2019 7.5 (v3) High Pass Atlassian JIRA Server-Side Request Forgery (SSRF) Vulnerability (JRASERVER-68527) CVE-2018-13404 10 May 2019 4.1 (v3) Medium Pass Atlassian JIRA Cross-Site Scripting (XSS) Vulnerability (JRASERVER-68614) CVE-2018-20232 10 May 2019 5.4 (v3) Medium Pass IBM Spectrum Protect Client 7.1.x < 7.1.8.4 / 8.1.x < 8.1.6.1 Denial of Service Vulnerability (CVE-2018-1786) CVE-2018-1786 03 Jan 2019 7.5 (v3) High Pass IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.9 TLS Downgrade Vulnerability (CVE-2018-1719) CVE-2018-1719 30 May 2019 5.9 (v3) Medium Pass IBM WebSphere Application Server Virtual Enterprise 7.0.x / Network Deployment 8.5.x < 8.5.5.16 / Network Deployment 9.0.0.x <= 9.0.0.11 Remote Code Execution Vulnerability (CVE-2019-4279) CVE-2019-4279 31 May 2019 9.8 (v3) Critical Pass Juniper JSA10889 CVE-2018-0055 07 Jun 2019 5.3 (v3) Medium Pass Apache Tomcat 9.0.0.M1 < 9.0.16 DoS CVE-2019-0199 27 Jun 2019 7.5 (v3) High Pass MySQL 5.6.x < 5.6.45 Multiple Vulnerabilities (Jul 2019 CPU) CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 CVE-2019-2819 CVE-2019-2969 18 Jul 2019 6.2 (v3) Medium Pass Cisco Uni fi ed Communications Manager Session Initiation Protocol Denial of Service Vulnerability CVE-2019-1887 12 Jul 2019 7.5 (v3) High Pass Cisco IOS Software Network Plug-and-Play Agent Certi fi cate Validation Vulnerability CVE-2019-1748 26 Jul 2019 7.4 (v3) High Pass Cisco IOS Software Information Disclosure Vulnerability (cisco-sa-20190327-info) CVE-2019-1762 29 Jul 2019 4.4 (v3) Medium Pass Atlassian JIRA worklog Information Disclosure CVE-2019-8445 29 Aug 2019 5.3 (v3) Medium Pass Atlassian JIRA < 7.13.4 / 8.0.x < 8.1.0 Epic Name DoS (SB19-182) CVE-2019-11583 29 Aug 2019 6.5 (v3) Medium Pass Atlassian JIRA Authentication Bypass Vulnerability (JRASERVER-69239) CVE-2018-20826 03 Sep 2019 4.3 (v3) Medium Pass Atlassian JIRA Information Disclosure Vulnerability (JRASERVER-69797) CVE-2019-8448 03 Sep 2019 5.3 (v3) Medium Pass IBM WebSphere Application Server 7.0.x / 8.0.0.x / 8.5.x < 8.5.5.17 / 9.0.0.x < 9.0.5.2 Information Disclosure (CVE-2019-4477) CVE-2019-4477 20 Sep 2019 6.5 (v3) Medium Pass Atlassian JIRA 7.7.x < 7.13.1 XSS vulnerability (JRASERVER-69238) CVE-2018-20824 25 Sep 2019 6.1 (v3) Medium Pass Cisco Uni fi ed Communications Manager Cross-Site Scripting (XSS) Vulnerability CVE-2019-12715 25 Oct 2019 6.1 (v3) Medium Pass Cisco IOS Denial of Service Vulnerability (cisco-sa-20190925-sip-dos) CVE-2019-12654 08 Oct 2019 7.5 (v3) High Pass Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability (cisco-sa-20190925-ios-gos-auth) CVE-2019-12648 08 Oct 2019 8.8 (v3) High Pass Cisco IOS ISDN Interface Denial of Service Vulnerability CVE-2019-1752 11 Oct 2019 7.5 (v3) High Pass Cisco Uni fi ed Communications Manager Cross-Site Scripting (XSS) Vulnerability CVE-2019-12716 11 Oct 2019 6.1 (v3) Medium Pass Cisco IOS XR gRPC Software Denial of Service Vulnerability CVE-2019-12647 18 Oct 2019 7.5 (v3) High Pass Cisco Wireless LAN Controller Secure Shell (SSH) Denial of Service Vulnerability (cisco-sa-20191016-wlc-ssh-dos) CVE-2019-15262 25 Oct 2019 7.5 (v3) High Pass MySQL 5.6.x < 5.6.46 Multiple Vulnerabilities (Oct 2019 CPU) CVE-2019-2910 CVE-2019-2911 CVE-2019-2922 CVE-2019-2923 CVE-2019-2924 CVE-2019-2974 18 Oct 2019 5.3 (v3) Medium Pass Cisco IOS Software IP Service Level Agreement Denial of Service Vulnerability CVE-2019-1737 21 Oct 2019 8.6 (v3) High Pass Atlassian Jira 7.6.x < 7.6.13, 7.7.0 < 7.13.3, 8.x < 8.1.1 Information Disclosure Vulnerability CVE-2019-3401 25 Oct 2019 5.3 (v3) Medium Pass Atlassian Jira 7.13.x < 7.13.3 / 8.0.x < 8.0.4 / 8.1.x < 8.1.1 Information Disclosure Vulnerability CVE-2019-3403 25 Oct 2019 5.3 (v3) Medium Pass Oracle Business Intelligence Publisher Multiple Vulnerabilities (April 2016 CPU) CVE-2014-3576 CVE-2016-0468 CVE-2016-0479 25 Oct 2019 6.1 (v3) Medium Pass Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jul 2016 CPU) CVE-2016-3432 CVE-2016-3433 CVE-2016-3446 CVE-2016-3474 CVE-2016-3544 25 Oct 2019 8.3 (v3) High Pass Cisco Uni fi ed Communications Manager SQLi (cisco-sa-20191002-cuc-inject) CVE-2019-12710 30 Oct 2019 4.9 (v3) Medium Pass Junos OS: Clear Text Authentication Credentials (JSA10969) CVE-2019-0069 01 Nov 2019 5.5 (v3) Medium Pass Juniper JSA10956 CVE-2019-0058 01 Nov 2019 7.8 (v3) High Pass Cisco Uni fi ed Communications Manager XSS (cisco-sa-20191002-cuc-xss) CVE-2019-12707 31 Oct 2019 6.1 (v3) Medium Pass Atlassian Jira 7.13.x < 7.13.4, 8.x < 8.2.2 CSRF vulnerability (JRASERVER-69858) CVE-2019-14999 05 Nov 2019 4.3 (v3) Medium Pass Cisco IOS IP Detail Record DoS (cisco-sa-20160928-ipdr) CVE-2016-6379 12 Nov 2019 7.5 (v3) High Pass Cisco Uni fi ed Communications Manager Cross-Site Request Forgery (XSRF) Vulnerability (cisco-sa-20191002-cucm-csrf) CVE-2019-1915 07 Nov 2019 6.5 (v3) Medium Pass Cisco IOS H.323 Message Validation DoS (cisco-sa-20160928-h323) CVE-2016-6384 12 Nov 2019 7.5 (v3) High Pass Cisco IOS Smart Install Memory Leak (cisco-sa-20160928-smi) CVE-2016-6385 12 Nov 2019 7.5 (v3) High Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1735) CVE-2019-1735 13 Nov 2019 7.8 (v3) High Pass Cisco NX-OS Software Multiple Vulnerabilities (cisco-sa-20190515-nxos-cmdinj-1774-1775) CVE-2019-1774 CVE-2019-1775 13 Nov 2019 6.7 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1770) CVE-2019-1770 14 Nov 2019 6.7 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1790) CVE-2019-1790 14 Nov 2019 6.7 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1783) CVE-2019-1783 14 Nov 2019 6.7 (v3) Medium Pass Cisco IOS Autonomic Control Plane Channel Information Disclosure (cisco-sa-20170726-aniacp) CVE-2017-6665 18 Nov 2019 6.5 (v3) Medium Pass Cisco IOS AAA Login DoS (cisco-sa-20160928-aaados) CVE-2016-6393 21 Nov 2019 7.5 (v3) High Pass Cisco NX-OS Software NX-API Denial of Service Vulnerability CVE-2020-3170 05 Mar 2020 5.3 (v3) Medium Pass Cisco IOS Autonomic Networking Infrastructure DoS (cisco-sa-20170726-anidos) CVE-2017-6663 22 Nov 2019 6.5 (v3) Medium Pass Cisco IOS Software Smart Install DoS (cisco-sa-20180328-smi) CVE-2018-0156 27 Nov 2019 7.5 (v3) High Pass Cisco IOS Software Internet Key Exchange Memory Leak (cisco-sa-20180328-ike) CVE-2018-0158 27 Nov 2019 8.6 (v3) High Pass Cisco IOS Software Secure Shell Connection on VRF (cisco-sa-20190109-ios-ssh-vrf) CVE-2018-0484 06 Dec 2019 6.5 (v3) Medium Pass Cisco NX-OS Software OSPF LSA Manipulation (cisco-sa-20170727-ospf) CVE-2017-6770 27 Nov 2019 4.2 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1795) CVE-2019-1795 04 Dec 2019 6.7 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190306-nxos-cmdinj-1611) CVE-2019-1611 04 Dec 2019 6.7 (v3) Medium Pass Junos OS: processing of speci fi c transit IP packets in fl owd, leading to Denial of Service (JSA10959) CVE-2019-0060 16 Dec 2019 7.5 (v3) High Pass IBM WebSphere Application Server 7.0.x / 8.0.0.x / 8.5.x < 8.5.5.17 / 9.0.0.x < 9.0.5.2 Directory Traversal Vulnerability CVE-2019-4442 06 Dec 2019 4.3 (v3) Medium Pass Cisco IOS Software Software Plug and Play Agent Memory Leak(cisco-sa-20180926-pnp-memleak) CVE-2018-15377 13 Dec 2019 8.6 (v3) High Pass nginx < 1.17.7 Information Disclosure CVE-2019-20372 05 Mar 2020 5.3 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.2 / Liberty < 19.0.0.11 Information Disclosure (CVE-2019-4441) CVE-2019-4441 16 Dec 2019 5.3 (v3) Medium Pass Cisco NX-OS Software Privilege Escalation Vulnerability CVE-2019-1602 18 Dec 2019 7.8 (v3) High Pass Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability CVE-2020-3175 05 Mar 2020 8.6 (v3) High Pass Cisco NX-OS Software CLI Command Injection Vulnerability (Cisco-Sa-20190306-Nxos-Cmdinj-1609) CVE-2019-1609 27 Dec 2019 6.7 (v3) Medium Pass IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Information Disclosure (CVE-2018-1614) CVE-2018-1614 28 Jan 2020 7.5 (v3) High Pass SSL/TLS Deprecated Ciphers Unsupported 06 Jan 2020 None Pass SSLv2-Only Open Ports Unsupported 06 Jan 2020 None Pass Cisco Data Center Network Manager < 11.3(1) Multiple Vulnerabilities CVE-2019-15975 CVE-2019-15976 CVE-2019-15977 CVE-2019-15978 CVE-2019-15979 CVE-2019-15980 CVE-2019-15981 CVE-2019-15982 CVE-2019-15983 CVE-2019-15984 CVE-2019-15985 CVE-2019-15999 09 Jan 2020 9.8 (v3) Critical Pass Cisco IOS Software NAT64 Denial of Service Vulnerability CVE-2019-1751 09 Jan 2020 7.5 (v3) High Pass MySQL 5.6.x < 5.6.47 Multiple Vulnerabilities (Jan 2020 CPU) CVE-2019-1547 CVE-2020-2574 CVE-2020-2579 16 Jan 2020 4.7 (v3) Medium 41

RELAYTO Endpoints Penetration Test Results - Page 41

RELAYTO Endpoints Penetration Test Results Page 40 Page 42