RELAYTO Endpoints Penetration Test Results (65/101)

Pass Novell ZENworks ChangePassword RPC XPath Injection CVE-2015-5970 26 Feb 2016 5.3 (v3) Medium Pass MySQL 8.0.x < 8.0.23 Multiple Vulnerabilities (Jan 2021 CPU) CVE-2020-1971 CVE-2021-2002 CVE-2021-2010 CVE-2021-2011 CVE-2021-2014 CVE-2021-2021 CVE-2021-2022 CVE-2021-2024 CVE-2021-2031 CVE-2021-2032 CVE-2021-2036 CVE-2021-2038 CVE-2021-2046 CVE-2021-2048 CVE-2021-2056 CVE-2021-2 22 Jan 2021 5 (v3) Medium Pass Novell Open Enterprise Server Remote Manager (novell-nrm) POST Request Content-Length Over fl ow CVE-2005-3655 20 Jan 2006 7.5 (v2) High Pass VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check) CVE-2013-0166 CVE-2013-0169 CVE-2013-0268 CVE-2013-0338 CVE-2013-0871 CVE-2013-2116 04 Mar 2016 6.9 (v2) Medium Pass VMware ESX / ESXi Guest OS Local Privilege Escalation (VMSA-2013-0014) (remote check) CVE-2013-3519 04 Mar 2016 7.9 (v2) High Pass Atlassian Con fl uence Server Arbitrary File Read (CVE-2021-26085) CVE-2021-26085 20 Oct 2021 5.3 (v3) Medium Pass OpenSSL Unsupported 17 Oct 2014 10 (v3) Critical Pass Tenable SecurityCenter 5.16.x / 5.17.0 Multiple Vulnerabilities (TNS-2021-03) CVE-2021-23840 CVE-2021-23841 05 Mar 2021 7.5 (v3) High Pass Cisco TelePresence Management Suite Stored XSS (cisco-sa-tms-xss-CwjZJSQc) CVE-2021-34760 27 Oct 2021 4.8 (v3) Medium Pass IBM Network Security Protection XGS Remote Code Execution (swg21690823) (credentialed check) CVE-2014-6183 02 Jan 2015 4 (v2) Medium Pass Cisco Email Security Appliance Filter Bypass (cisco-sa-ESA- fi lt-39jXvMfM) CVE-2020-3370 23 Jul 2020 5.8 (v3) Medium Pass Cisco Email Security Appliance DoS (cisco-sa-esa-tls-dos-xW53TBhb) CVE-2020-3548 04 Sep 2020 5.3 (v3) Medium Pass PHP 7.3.x < 7.3.31 Arbitrary File Write CVE-2021-21706 28 Oct 2021 6.5 (v3) Medium Pass Symantec (Blue Coat) Reporter Denial of Service vulnerability (SYMSA1280) CVE-2011-1473 23 May 2019 6.5 (v3) Medium Pass SolarWinds Orion Platform 2020.2.0 < 2020.2.6 Multiple Vulnerabilities CVE-2021-35213 CVE-2021-35215 17 Nov 2021 8.8 (v3) High Pass Cisco IOS Software DHCP Remote Code Execution Vulnerability CVE-2017-12240 02 Oct 2017 9.8 (v3) Critical Pass Cisco IOS Software CIP Multiple Vulnerabilities (cisco-sa-20170927-cip) CVE-2017-12233 CVE-2017-12234 05 Oct 2017 7.5 (v3) High Pass Microsoft Windows XP Unsupported Installation Detection 25 Mar 2014 10 (v3) Critical Pass Cyrus IMAPd NNTP AUTHINFO USER Command Parsing Authentication Bypass CVE-2011-3372 19 Dec 2011 6.4 (v2) Medium Pass VMware vCenter Operations Manager Web UI Default Credentials 10 Apr 2015 7.5 (v2) High Pass Cisco IOS Software Quality of Service Remote Code Execution Vulnerability CVE-2018-0151 29 Mar 2018 9.8 (v3) Critical Pass Cisco IOS Software Link Layer Discovery Protocol Bu ff er Over fl ow Vulnerabilities (cisco-sa-20180328-lldp) CVE-2018-0167 CVE-2018-0175 06 Apr 2018 8.8 (v3) High Pass Cisco Uni fi ed Communications Manager Java Interface SQL Injection (CSCuo17337) CVE-2014-3287 18 Jun 2014 4 (v2) Medium Pass Atlassian JIRA Server & JIRA Data Center Template Injection Vulnerability CVE-2019-11581 11 Jul 2019 9.8 (v3) Critical Pass Cisco Uni fi ed Computing System Integrated Management Controller XSRF (CSCuq45477) CVE-2014-7996 01 May 2015 6.8 (v2) Medium Pass IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < 8.1.4.7 XSS CVE-2015-1907 18 May 2015 4 (v2) Medium Pass Cisco IOS Software Integrated Services Module for VPN DoS (cisco-sa-20180328-dos) CVE-2018-0154 21 Nov 2019 7.5 (v3) High Pass Apple TV < 12.4.1 A Use-After-Free Vulnerability CVE-2019-8605 04 Dec 2019 7.8 (v3) High Pass ManageEngine Applications Manager Unsupported Version Detection 08 Jun 2015 10 (v2) Critical Pass Cisco IOS Software Internet Key Exchange Version 1 DoS (cisco-sa-20180328-ike-dos) CVE-2018-0159 27 Nov 2019 7.5 (v3) High Pass phpMoAdmin Detection 16 Jun 2015 None Pass Splunk Unsupported Version Detection 23 Jun 2015 10 (v3) Critical Pass Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability CVE-2019-1605 20 Dec 2019 7.8 (v3) High Pass Palo Alto Networks PAN-OS GlobalProtect Web Portal RCE (PAN-SA-2016-0005) CVE-2016-3657 28 Mar 2016 9.8 (v3) Critical Pass EMC Documentum D2 4.1 / 4.2.x < 4.2 P16 / 4.5.x < 4.5 P03 Multiple DQL Injection Vulnerabilities CVE-2015-0547 CVE-2015-0548 09 Jul 2015 4 (v2) Medium Pass MaraDNS Server Version Detection 11 Apr 2014 None Pass Cisco IOS Software Simple Network Management Protocol GET MIB Object ID DoS (cisco-sa-20180328-snmp) CVE-2018-0161 27 Nov 2019 6.3 (v3) Medium Pass Oracle GlassFish Server Multiple Vulnerabilities (July 2015 CPU) CVE-2014-1569 CVE-2015-2623 CVE-2015-4744 16 Jul 2015 7.5 (v2) High Pass IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE) CVE-2014-0919 CVE-2014-6209 CVE-2014-6210 CVE-2014-8730 CVE-2014-8901 CVE-2014-8910 CVE-2015-0138 CVE-2015-0157 CVE-2015-1788 CVE-2015-1883 CVE-2015-1922 CVE-2015-1935 CVE-2015-2808 18 Jul 2015 7.6 (v3) High Pass Polycom SIP Detection 23 Sep 2013 None Pass Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities CVE-2009-5044 CVE-2009-5078 CVE-2012-6685 CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2013-7040 CVE-2013-7338 CVE-2013-7422 CVE-2014-0067 CVE-2014-0106 CVE-2014-0191 CVE-2014-1912 CVE-2014-3581 CVE-2014-3 17 Aug 2015 9.3 (v2) High Pass Alcatel OmniSwitch Default Credentials (telnet) 30 Sep 2013 6.4 (v2) Medium Pass Xerox WorkCentre Multiple Unspeci fi ed Vulnerabilities (XRX13-006) 10 Oct 2013 10 (v2) Critical Pass Xerox ColorQube Multiple Unspeci fi ed Vulnerabilities (XRX13-006) 10 Oct 2013 10 (v2) Critical Pass Tenable Appliance Web Detection 17 Jul 2012 None Pass NETGEAR ReadyNAS Remote Unauthenticated Command Execution CVE-2013-2751 24 Oct 2013 9.8 (v3) Critical Pass ESXi 5.0 < Build 1197855 NFC Tra ffi c Denial of Service (remote check) CVE-2013-1661 13 Nov 2013 4.3 (v2) Medium Pass OpenVAS Administrator / Manager Authentication Bypass CVE-2013-6765 CVE-2013-6766 15 Nov 2013 7.5 (v2) High Pass SSH Weak MAC Algorithms Enabled 22 Nov 2013 2.6 (v2) Low Pass Blackboard LC3000 Laundry Reader Default Telnet Password 26 Nov 2013 10 (v2) Critical Pass ASUS RT-N13U Router Built-in Admin Telnet Account with Unchangeable Password 26 Nov 2013 10 (v2) Critical Pass ESXi 5.0 < Build 764879 Multiple Vulnerabilities (remote check) CVE-2010-4008 CVE-2011-0216 CVE-2011-1944 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 13 Nov 2013 9.3 (v2) High Pass Cisco WAAS Mobile Server Web Administration Interface Detection 07 Jan 2014 None Pass ScMM DSL Modem/Router Backdoor Detection CVE-2014-0659 06 Jan 2014 10 (v2) Critical Pass ESXi 5.5 < Build 1474526 File Descriptors Privilege Escalation (remote check) CVE-2013-5973 31 Dec 2013 4.4 (v2) Medium Pass OpenSSL 1.0.0 < 1.0.0l DTLS Security Bypass CVE-2013-6450 08 Jan 2014 5.8 (v2) Medium Pass HP Intelligent Management Center Web Administration Interface Default Credentials 09 Jan 2014 7.5 (v2) High Pass NETGEAR DGN2200 Multiple Vulnerabilities 05 Mar 2014 8.8 (v3) High Pass Cisco TelePresence ISDN Gateway D-Channel DoS CVE-2014-0660 28 Jan 2014 7.1 (v2) High Pass Alvarion Multiple Products Default Telnet Credentials 31 Jan 2014 10 (v2) Critical Pass SAProuter Remote Authentication Bypass (Note 1853140) CVE-2013-7093 03 Feb 2014 5 (v2) Medium Pass Emerson Network Power Avocent MergePoint Unity KVM Switch < 1.14 / 1.18 download.php fi lename Parameter Directory Traversal CVE-2013-6030 05 Feb 2014 5 (v2) Medium Pass Geeklog auth.inc.php loginname Parameter SQL Injection CVE-2006-2700 31 May 2006 5.1 (v2) Medium Pass Nortel CS Signaling Server Default Admin Credentials 20 Feb 2014 9.8 (v3) Critical Pass CoSoSys Endpoint Protector < 4.4.0.1 Unspeci fi ed XSS 24 Feb 2014 4.3 (v2) Medium Pass Anonymous SFTP Enabled 24 Feb 2014 None Pass Adobe Connect < 9.5.7 event_registration.html Multiple Parameter XSS (APSB16-35) CVE-2016-7851 14 Nov 2016 6.1 (v3) Medium Pass DNS Server Version Detection 03 Mar 2014 None Pass Xerox ColorQube ConnectKey Controller Multiple Unspeci fi ed Vulnerabilities (XRX14-001) 19 Feb 2014 10 (v2) Critical Pass IBM Rational Focal Point RequestAccessController Servlet File Disclosure CVE-2013-5398 06 Mar 2014 3.3 (v2) Low Pass activePDF Server < 3.8.6 Packet Handling Remote Over fl ow CVE-2007-5397 05 Mar 2008 10 (v2) Critical Pass Veritas Storage Foundation Multiple Service Remote DoS (SYM08-004) CVE-2007-4516 CVE-2008-0638 15 Apr 2008 3.3 (v2) Low Pass Cisco ONS 15454 Controller Card DoS (CSCun06870) CVE-2014-2142 10 Apr 2014 5 (v2) Medium Pass MS07-062: Vulnerability in DNS Could Allow Spoo fi ng (941672) (uncredentialed check) CVE-2007-3898 05 Mar 2014 6.4 (v2) Medium Pass Oracle WebLogic Server mod_wl Invalid Parameter Remote Over fl ow (1150354) CVE-2008-4008 16 Nov 2008 10 (v2) Critical Pass Atmail Webmail < 6.5.0 'DOM processor' XSS 18 Apr 2014 4.3 (v2) Medium Pass Apple iTunes < 12.10.3 Multiple Vulnerabilities (uncredentialed check) CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-8848 CVE-2019-15903 27 Dec 2019 8.8 (v3) High Pass Cisco Network Registrar 7.1 DHCPv6 DoS (CSCuo07437) CVE-2014-2155 29 Apr 2014 5 (v2) Medium Pass ACC Tigris Access Terminal Con fi guration Disclosure CVE-1999-0383 21 Mar 2000 6.4 (v2) Medium Pass Multiple Vendor SNMP public Community String Information Disclosure 19 May 2014 5 (v2) Medium Pass Web Server on Extended Support 11 Jun 2014 None Pass Brocade Fabric OS Default Credentials 16 Jun 2014 9.8 (v3) Critical Pass RSP Detection 27 Sep 2010 None Pass Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure CVE-2013-0169 14 Jul 2014 2.6 (v2) Low Pass HP Intelligent Management Center 7.x < 7.0-E0202P03 Multiple Vulnerabilities CVE-2014-2618 CVE-2014-2619 CVE-2014-2620 CVE-2014-2621 CVE-2014-2622 21 Jul 2014 8.5 (v2) High Pass HP BladeSystem c-Class Onboard Administrator 4.11 / 4.20 Heartbeat Information Disclosure (Heartbleed) CVE-2014-0160 15 Jul 2014 7.5 (v3) High Pass Junos OS: Path traversal vulnerability in J-Web (JSA10985) CVE-2020-1606 17 Jan 2020 5.4 (v3) Medium Pass WebTitan Web Interface Default Credentials 24 Jul 2014 7.5 (v2) High Pass CODESYS WAGO WebVisu Password Information Disclosure Vulnerability 25 Aug 2014 5 (v2) Medium Pass CODESYS WAGO WebVisu Detection 25 Aug 2014 None Pass OS Identi fi cation : NTP 19 May 2007 None Pass Unsupported Cisco MXP Series Device CVE-2014-3362 19 Sep 2014 7.8 (v2) High Pass Silver Peak NX Detection 25 Sep 2014 None Pass Cisco HyperFlex HX Command Injection Direct Check (cisco-sa-hyper fl ex-rce-TjjNrkpR) CVE-2021-1497 CVE-2021-1498 26 May 2021 9.8 (v3) Critical Pass IBM Jazz Team Server Session Cookie Information Disclosure CVE-2014-3092 06 Oct 2014 5 (v2) Medium Pass CommuniGate Pro LISTS Module Malformed Multipart Message DoS CVE-2005-1007 06 Apr 2005 5 (v2) Medium Pass Palo Alto Networks PAN-OS 7.0.x < 7.0.6 DHCP Packet Handling Dataplane DoS 07 Jul 2016 5 (v2) Medium Pass Unprotected Telnet Service 13 Nov 2014 10 (v2) Critical Pass DNN (DotNetNuke) Detection 02 Dec 2009 None Pass Embedded HP Web Server Detected 13 Aug 2018 None Pass ARRIS Touchstone Cable Modem Detection 07 Nov 2014 None Pass Western Digital ShareSpace Detection 18 Jul 2012 None Pass Apache Hadoop YARN ResourceManager Web Interface 20 Sep 2018 None Pass Horde Kronolith Detection 07 Aug 2012 None Pass EMail Security Virtual Appliance Detection 06 Sep 2012 None Pass Atlassian Con fl uence VelocityServlet Error Page XSS 27 Sep 2012 4.3 (v2) Medium Pass AXIS Camera Unsecured Feed Detection 21 Feb 2019 None Pass MapServer for Windows (MS4W) Detection 01 Nov 2012 None Pass Traq Detection 12 Nov 2012 None Pass PHP 5.6.x < 5.6.38 Transfer-Encoding Parameter XSS Vulnerability CVE-2018-17082 14 Sep 2018 6.1 (v3) Medium Pass Apple TV < 13.3 Multiple Vulnerabilities CVE-2019-8828 CVE-2019-8830 CVE-2019-8832 CVE-2019-8833 CVE-2019-8835 CVE-2019-8836 CVE-2019-8838 CVE-2019-8844 CVE-2019-8846 CVE-2019-8848 CVE-2019-15903 13 Dec 2019 8.8 (v3) High Pass Juniper Junos SRX Series Upgrade Handling Local Root Authentication Bypass (JSA10753) CVE-2016-1278 22 Jul 2016 7.2 (v2) High 65

RELAYTO Endpoints Penetration Test Results - Page 65

RELAYTO Endpoints Penetration Test Results Page 64 Page 66