RELAYTO Endpoints Penetration Test Results (27/101)

Pass IBM GCM16 / GCM32 Global Console Manager KVM Switch Firmware Version < 1.20.20.23447 Multiple Vulnerabilities CVE-2014-3080 CVE-2014-3081 CVE-2014-3085 05 Aug 2014 7.1 (v2) High Pass NGINX Unit 0.x > 0.3 / 1.x < 1.7.1 Heap Bu ff er Over fl ow (CVE-2019-7401) CVE-2019-7401 26 Apr 2019 9.8 (v3) Critical Pass MODx < 2.0.3-pl modahsh Parameter XSS CVE-2010-4883 20 Oct 2011 2.6 (v2) Low Pass Cisco Wireless LAN Controller Multiple Vulnerabilities CVE-2016-6375 CVE-2016-6376 18 Oct 2016 6.5 (v3) Medium Pass Cisco NX-OS SSH Connection Negotiation Remote Command Execution (cisco-sa-20161005-nxaaa) CVE-2015-0721 14 Oct 2016 8 (v3) High Pass Atlassian JIRA Unsupported Version Detection 24 Apr 2018 10 (v3) Critical Pass Apache < 2.0.55 Multiple Vulnerabilities CVE-2005-1268 CVE-2005-2088 CVE-2005-2491 CVE-2005-2700 CVE-2005-2728 CVE-2005-2970 26 Mar 2008 7.3 (v3) High Pass Juniper Junos User Authentication Bypass (JSA10802) CVE-2017-10601 31 Jul 2017 9.8 (v3) Critical Pass Apple iTunes < 10.6 Multiple Vulnerabilities (uncredentialed check) CVE-2011-2825 CVE-2011-2833 CVE-2011-2846 CVE-2011-2847 CVE-2011-2854 CVE-2011-2855 CVE-2011-2857 CVE-2011-2860 CVE-2011-2866 CVE-2011-2867 CVE-2011-2868 CVE-2011-2869 CVE-2011-2870 CVE-2011-2871 CVE-2011-2872 CVE-2011-2 12 Mar 2012 9.3 (v2) High Pass Gallery PostNuke Integration Access Validation Privilege Escalation CVE-2005-2596 12 Aug 2005 4.6 (v2) Medium Pass OpenSSL 1.0.1 < 1.0.1a ASN.1 asn1_d2i_read_bio Memory Corruption CVE-2012-2110 19 Apr 2012 7.5 (v2) High Pass OpenSSL 1.0.1 < 1.0.1j Multiple Vulnerabilities (POODLE) CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 17 Oct 2014 4.3 (v2) Medium Pass Juniper Junos IPv6 Packet Handling Remote DoS (JSA10762) CVE-2016-4922 27 Oct 2016 7.5 (v3) High Pass GNU Mailutils imap4d Search Command Remote Format String CVE-2005-2878 09 Sep 2005 6.5 (v2) Medium Pass Attachmate Re fl ection for Secure IT UNIX server < 7.0 SP1 Multiple Vulnerabilities CVE-2006-2937 CVE-2006-2940 CVE-2007-3108 CVE-2008-1483 CVE-2008-1657 CVE-2008-6021 20 Aug 2008 10 (v3) Critical Pass SolarWinds Storage Manager Server LoginServlet loginName Parameter SQL Injection 16 May 2012 7.5 (v2) High Pass VMware Security Updates for vCenter Server (VMSA-2014-0008) CVE-2013-4322 CVE-2013-4590 CVE-2013-6629 CVE-2013-6954 CVE-2014-0050 CVE-2014-0114 CVE-2014-0429 CVE-2014-0432 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0 17 Sep 2014 10 (v2) Critical Pass Atlassian Crowd 2.1.x < 3.0.5 / 3.1.x < 3.1.6 / 3.2.x < 3.2.8 / 3.3.x < 3.3.5 / 3.4.x < 3.4.4 RCE (direct check) CVE-2019-11580 16 Jul 2020 9.8 (v3) Critical Pass OpenSSL 1.0.0 < 1.0.0h Multiple Vulnerabilities CVE-2006-7250 CVE-2011-4619 CVE-2012-0884 CVE-2012-1165 02 Apr 2012 5 (v2) Medium Pass Presto! PageManager Network Group Service Packet Network Request Parsing Arbitrary File Access 16 May 2012 7.8 (v2) High Pass IBM WebSphere Application Server 7.0 < Fix Pack 1 CVE-2009-0504 CVE-2008-5411 CVE-2008-5412 CVE-2008-5413 CVE-2008-5414 CVE-2009-0434 CVE-2009-0438 10 Dec 2008 5.1 (v2) Medium Pass IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities CVE-2009-0891 CVE-2009-0506 10 Apr 2009 7.5 (v2) High Pass IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities CVE-2013-0169 CVE-2013-0482 CVE-2013-0541 CVE-2013-0542 CVE-2013-0543 CVE-2013-0544 CVE-2013-0597 CVE-2013-1768 CVE-2013-2967 CVE-2013-2976 CVE-2013-3029 19 Jul 2013 7.5 (v2) High Pass Web Server Directory Traversal Arbitrary File Access CVE-2000-0920 CVE-2007-6483 CVE-2008-5315 CVE-2010-1571 CVE-2010-3459 CVE-2010-3460 CVE-2010-3487 CVE-2010-3488 CVE-2010-3743 CVE-2010-4181 CVE-2011-1900 CVE-2011-2524 CVE-2011-4788 CVE-2012-0697 CVE-2012-1464 CVE-2012-5 05 Nov 1999 10 (v2) Critical Pass VMware vCenter Update Manager XSS CVE-2009-1524 29 Jul 2010 4.3 (v2) Medium Pass Symantec SecurityExpressions Audit and Compliance Server Multiple XSS CVE-2009-3029 CVE-2009-3030 09 Oct 2009 4.3 (v2) Medium Pass IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities CVE-2010-0768 CVE-2010-0769 CVE-2010-0770 CVE-2010-0774 CVE-2010-0775 CVE-2010-0776 CVE-2010-0777 CVE-2010-1650 CVE-2010-1651 CVE-2011-1312 06 Apr 2010 4.3 (v2) Medium Pass JRun Multiple Sample Files Remote Information Disclosure CVE-2000-0539 CVE-2000-0540 05 Jun 2002 6.8 (v2) Medium Pass macOS 10.12.x < 10.12.2 Multiple Vulnerabilities CVE-2016-1777 CVE-2016-1823 CVE-2016-4688 CVE-2016-4691 CVE-2016-4693 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-6303 CVE-2016-6304 CVE-2016-7141 CVE-2016-7167 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7 16 Dec 2016 7.8 (v3) High Pass IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities CVE-2008-4111 CVE-2008-4678 CVE-2008-4679 CVE-2009-0434 27 Oct 2008 6.4 (v2) Medium Pass PHProjekt setup.php Authentication Bypass Arbitrary Code Execution CVE-2004-2739 05 Dec 2004 7.5 (v2) High Pass Apple iTunes < 12.10.4 Multiple Vulnerabilities (uncredentialed check) CVE-2020-3825 CVE-2020-3826 CVE-2020-3846 CVE-2020-3861 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 05 Mar 2020 8.8 (v3) High Pass IBM WebSphere Application Server 7.0 < Fix Pack 3 CVE-2009-0508 CVE-2009-0892 CVE-2009-0903 CVE-2009-1172 CVE-2009-1173 CVE-2009-1174 10 Apr 2009 7.5 (v2) High Pass CuteNews <= 1.3.6 Multiple XSS CVE-2005-0645 CVE-2005-2393 02 Mar 2005 1.9 (v2) Low Pass EMC Avamar ADS / AVE 7.3.0.x < 7.3.0 Hot fi x 268253 / 7.3.1.x < 7.3.1 Hot fi x 272363 Incorrect File Ownership Local Privilege Escalation (ESA-2016-146) CVE-2016-8214 02 Feb 2017 6.7 (v3) Medium Pass Calendarix Multiple Vulnerabilities (SQLi, XSS) CVE-2005-1865 CVE-2005-1866 02 Jun 2005 7.5 (v2) High Pass Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) CVE-2007-0719 CVE-2007-0467 CVE-2007-0720 CVE-2007-0721 CVE-2007-0722 CVE-2006-6061 CVE-2006-6062 CVE-2006-5679 CVE-2007-0229 CVE-2007-0267 CVE-2007-0299 CVE-2007-0723 CVE-2006-5330 CVE-2006-0300 CVE-2006-6097 CVE-2007-0 13 Mar 2007 10 (v2) Critical Pass Jenkins < 2.204.2 LTS / 2.219 Multiple Vulnerabilities CVE-2020-2100 CVE-2020-2101 CVE-2020-2102 CVE-2020-2103 CVE-2020-2104 CVE-2020-2105 CVE-2020-2106 06 Feb 2020 5.4 (v3) Medium Pass Arista Networks EOS/vEOS SegmentSmack TCP DoS (SA0036) CVE-2018-5390 17 Feb 2020 7.5 (v3) High Pass Portable SDK for UPnP Devices (libupnp) < 1.6.18 Multiple Stack-based Bu ff er Over fl ows RCE CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965 01 Feb 2013 9.8 (v3) Critical Pass macOS 10.15.x < 10.15.1 / 10.14.x < 10.14.6 Security Update 2019-001 / 10.13.x < 10.13.6 Security Update 2019-006 CVE-2017-7152 CVE-2018-12152 CVE-2018-12153 CVE-2018-12154 CVE-2019-8509 CVE-2019-8592 CVE-2019-8705 CVE-2019-8706 CVE-2019-8708 CVE-2019-8709 CVE-2019-8715 CVE-2019-8716 CVE-2019-8717 CVE-2019-8736 CVE-2019-8737 CVE-201 13 Nov 2019 9.8 (v3) Critical Pass Apache Tomcat 8.5.0 < 8.5.40 Remote Code Execution Vulnerability (Windows) CVE-2019-0221 CVE-2019-0232 16 Apr 2019 8.1 (v3) High Pass Arista Networks EOS 4.17 Multiple Vulnerabilities (SA0024) (SWEET32) CVE-2016-2178 CVE-2016-2183 CVE-2016-6304 28 Feb 2018 7.5 (v3) High Pass Trend Micro Worry-Free Business Security (WFBS) Directory Traversal Vulnerability (1122250) CVE-2019-9489 06 Mar 2020 7.5 (v3) High Pass Arista Networks EOS kernel DoS (SA0040) CVE-2013-7470 06 Mar 2020 5.9 (v3) Medium Pass Arista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN) CVE-2015-3197 CVE-2016-0703 CVE-2016-0800 28 Feb 2018 5.9 (v3) Medium Pass Arista Networks EOS ASN.1 Encoder RCE (SA0020) CVE-2016-2108 28 Feb 2018 9.8 (v3) Critical Pass Apple iTunes < 12.10.5 Multiple Vulnerabilities (uncredentialed check) (HT211105) CVE-2020-3885 CVE-2020-3887 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-3909 CVE-2020-3910 CVE-2020-3911 CVE-2020-9783 31 Mar 2020 9.8 (v3) Critical Pass Atlassian JIRA < 7.13.12 / 8.x < 8.5.4 / 8.6.x < 8.6.1 'Atlassian Application Links' Plugin Privilege Escalation CVE-2019-20105 20 Mar 2020 4.9 (v3) Medium Pass DNS Server Cache Snooping Remote Information Disclosure 27 Apr 2004 5.3 (v3) Medium Pass EMC RSA Authentication Manager < 8.4 P10 Multiple Vulnerabilites (DSA-2020-052) CVE-2020-5339 02 Apr 2020 4.8 (v3) Medium Pass ManageEngine Desktop Central < 10 Build 10.0.515 Information Disclosure CVE-2020-8509 03 Apr 2020 7.5 (v3) High Pass MikroTik RouterOS Winbox Unauthenticated Arbitrary File Read/Write Vulnerability CVE-2018-14847 06 Sep 2018 10 (v3) Critical Pass MySQL 5.6.x < 5.6.44 Multiple Vulnerabilities (Apr 2019 CPU) CVE-2019-1559 CVE-2019-2683 CVE-2019-2627 CVE-2019-2614 18 Apr 2019 5.9 (v3) Medium Pass IBM Spectrum Protect Plus username Command Injection CVE-2020-4213 21 Apr 2020 9.8 (v3) Critical Pass Apple TV < 13.4 Multiple Vulnerabilities CVE-2020-3883 CVE-2020-3885 CVE-2020-3887 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-3909 CVE-2020-3910 CVE-2020-3911 CVE-2020-3914 CVE-2020-3917 CVE-2020-3 21 Apr 2020 9.8 (v3) Critical Pass SSL Certi fi cate Chain Contains RSA Keys Less Than 2048 bits (PCI DSS) 10 Apr 2014 5.3 (v3) Medium Pass Dell EMC Data Protection Central 1.0, 1.0.1, 18.1, 18.2, 19.1 Improper Certi fi cate Chain of Trust (DSA-2019-135) CVE-2019-3762 16 Apr 2020 7.5 (v3) High Pass Apache 2.2.x < 2.2.12 Multiple Vulnerabilities CVE-2009-0023 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-1955 CVE-2009-1956 02 Aug 2009 8.2 (v3) High Pass Cisco NX-OS Cisco Fabric Services Multiple Vulnerabilities. CVE-2018-0304 CVE-2018-0305 CVE-2018-0308 CVE-2018-0310 CVE-2018-0311 CVE-2018-0312 CVE-2018-0314 25 Jun 2018 9.8 (v3) Critical Pass SSL Certi fi cate Cannot Be Trusted 15 Dec 2010 6.5 (v3) Medium Pass Windows Deployment Services TFTP Server Remote Code Execution Vulnerability CVE-2019-0603 19 Mar 2019 7.5 (v3) High Pass SSL/TLS Services Support RC4 (PCI DSS) CVE-2013-2566 CVE-2015-2808 29 Jan 2018 5.9 (v3) Medium Pass WinShell Trojan Detection 06 Feb 2018 9.8 (v3) Critical Pass Multi-Threaded HTTP Server v1.1 for Zimbra 15 Mar 2018 5.3 (v3) Medium Pass Trend Micro Control Manager GetPassword() SQLi CVE-2018-3604 28 Jun 2018 7.3 (v3) High Pass pfSense < 2.3.1 Multiple Vulnerabilities (SA-16_03 / SA-16-04) CVE-2016-1886 CVE-2016-1887 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 31 Jan 2018 7.8 (v3) High Pass Cisco Email Security Appliance Multiple DoS Vulnerabilities (cisco-sa-20190109-esa-dos / cisco-sa-20190109-esa-url-dos) CVE-2018-15453 CVE-2018-15460 18 Jan 2019 8.6 (v3) High Pass Apache Server ETag Header Information Disclosure CVE-2003-1418 22 Jan 2016 5.3 (v3) Medium Pass jspwebshell Backdoor Detection 18 Dec 2015 7.5 (v2) High Pass Synology DiskStation Manager < 4.3-3810 Update 3 Multiple FileBrowser Component Directory Traversal Vulnerabilities CVE-2013-6987 05 Feb 2014 7.5 (v2) High Pass OpenSSL 1.1.1 < 1.1.1e-dev Procedure Over fl ow Vulnerability CVE-2019-1551 09 Jan 2020 5.3 (v3) Medium Pass OpenSSL 1.0.2 < 1.0.2u Procedure Over fl ow Vulnerability CVE-2019-1551 09 Jan 2020 5.3 (v3) Medium Pass Palo Alto Networks PAN-OS 9.1.x < 9.1.2 Vulnerability CVE-2020-1995 21 May 2020 4.9 (v3) Medium Pass PHP 7.3.x < 7.3.17 Out of Bounds Read Vulnerability CVE-2020-7067 23 Apr 2020 7.5 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability CVE-2020-2014 22 May 2020 8.8 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.13 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 Vulnerability CVE-2020-1994 22 May 2020 4.4 (v3) Medium Pass Palo Alto Networks PAN-OS 7.1.x / 8.0.x / 8.1.x < 8.1.14 Bu ff er Over fl ow CVE-2020-2006 22 May 2020 8.8 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability CVE-2020-2010 22 May 2020 7.2 (v3) High Pass MariaDB 10.3.0 < 10.3.9 Multiple Vulnerabilities CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 05 Jun 2019 7.1 (v3) High Pass Plex Media Server Detection 05 Jun 2020 None Pass Cisco UCS Director for Role-Based Access Control (cisco-sa-ucsd-Ar6BAguz) CVE-2020-3329 04 Jun 2020 4.3 (v3) Medium Pass Atlassian JIRA 6.0 < 8.5.5 / 8.6 < 8.8.1 XSS (JRASERVER-70923) CVE-2020-4021 03 Jun 2020 5.4 (v3) Medium Pass Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability (cisco-sa-20190501-aci-hw-clock-util) CVE-2019-1592 03 Jun 2020 7.8 (v3) High Pass Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability (cisco-sa-20190501-nexus9k-sshkey) CVE-2019-1804 03 Jun 2020 9.8 (v3) Critical Pass Plex Media Server < 1.18.2 Privilege Escalation CVE-2020-5740 11 Jun 2020 7.8 (v3) High Pass Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability (cisco-sa-20190501-nexus9k-rpe) CVE-2019-1803 03 Jun 2020 6.7 (v3) Medium Pass Oracle 9iAS Nonexistent .jsp File Request Error Message Path Disclosure CVE-2001-1372 11 Feb 2003 5 (v2) Medium Pass EMC VMAX VASA Provider Virtual Appliance < 8.4.0 File Upload RCE CVE-2017-4997 28 Jul 2017 9.8 (v3) Critical Pass Cisco Prime Security Manager OpenSSL Alternative Chains Certi fi cate Forgery (cisco-sa-20150710-openssl) CVE-2015-1793 23 Sep 2015 6.5 (v3) Medium Pass EMC VMAX VASA Provider Virtual Appliance < 8.4.0.512 Authentication Bypass Vulnerability CVE-2017-14375 03 Nov 2017 9.8 (v3) Critical Pass Netref cat_for_gen.php Arbitrary PHP Command Injection CVE-2005-1222 23 May 2005 7.5 (v2) High Pass Cisco Uni fi ed MeetingPlace Multiple Session Weaknesses CVE-2013-1168 CVE-2013-1169 23 Sep 2013 9.3 (v2) High Pass MailEnable HTTPMail Service Content-Length Header Over fl ow 03 Sep 2004 10 (v2) Critical Pass VMware VRealize Operations Manager 6.x Oracle JRE JMX Deserialization RCE (VMSA-2016-0005) CVE-2016-3427 26 May 2016 9 (v3) Critical Pass VMware vRealize Log Insight 2.x / 3.x < 3.6.0 Directory Traversal File Disclosure (VMSA-2016-0011) CVE-2016-5332 19 Aug 2016 5.3 (v3) Medium Pass OmniHTTPd Encoded Space Request Script Source Disclosure CVE-2001-0778 13 Aug 2001 5 (v2) Medium Pass VisNetic / Merak Mail Server Multiple Remote Vulnerabilities CVE-2005-4556 CVE-2005-4557 CVE-2005-4558 CVE-2005-4559 28 Dec 2005 7.3 (v3) High Pass PolarSSL Weak Signature Algorithm Negotiation CVE-2014-8627 07 Jan 2015 5.3 (v3) Medium Pass Multiple Server Crafted Request WEB-INF Directory Information Disclosure CVE-2002-1855 CVE-2002-1856 CVE-2002-1857 CVE-2002-1858 CVE-2002-1859 CVE-2002-1860 CVE-2002-1861 01 Jul 2002 5 (v2) Medium Pass Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration CVE-2005-0420 28 Mar 2005 4.3 (v2) Medium Pass Nagios XI < 2011R3.0 Multiple XSS Vulnerabilities 23 Jul 2012 4.3 (v2) Medium Pass JGS-Portal for WoltLab Burning Board Multiple Vulnerabilities (SQLi, XSS) CVE-2005-1633 CVE-2005-1634 17 May 2005 7.5 (v2) High Pass Linksys Multiple Vulnerabilities (OF, DoS, more) CVE-2005-2799 CVE-2005-2912 CVE-2005-2914 CVE-2005-2915 CVE-2005-2916 28 Oct 2005 10 (v2) Critical Pass Cisco ASA / IOS IKE Fragmentation Vulnerability CVE-2016-1287 CVE-2016-1344 29 Feb 2016 9.8 (v3) Critical Pass Oracle Application Express (Apex) CVE-2008-4005 CVE-2008-4005 20 Feb 2013 4.3 (v2) Medium Pass Oracle Application Express (Apex) Unspeci fi ed Issues (pre 3.1) 20 Feb 2013 10 (v2) Critical Pass POP3 Service STLS Plaintext Command Injection CVE-2011-0411 10 Mar 2011 4 (v2) Medium Pass OpenSSH MaxAuthTries Bypass CVE-2015-5600 24 Sep 2015 8.2 (v3) High Pass IBM Tivoli Directory Server TLS NULL Cipher (uncredentialed check) CVE-2012-0726 17 Oct 2012 6.4 (v2) Medium Pass OpenCA Multiple Signature Validation Bypass CVE-2003-0960 13 Sep 2004 7.5 (v2) High Pass CGI Generic Unseen Parameters Discovery 25 Jan 2010 6.8 (v2) Medium 27

RELAYTO Endpoints Penetration Test Results - Page 27

RELAYTO Endpoints Penetration Test Results Page 26 Page 28