RELAYTO Penetration Test Results (23/101)

Pass Juniper Junos SRX Series FTP ALG ftps-extension TCP Port Exposure (JSA10706) CVE-2015-5361 26 Oct 2015 6.4 (v2) Medium Pass Juniper Junos Corrupt pam.conf Security Bypass (JSA10707) CVE-2015-7751 26 Oct 2015 6.9 (v2) Medium Pass NUUO NVRMini2 Multiple Vulnerabilities CVE-2018-1149 CVE-2018-1150 17 Sep 2018 9.8 (v3) Critical Pass IBM WebSphere Application Server 7.0 < Fix Pack 5 CVE-2009-0899 CVE-2009-1195 CVE-2009-1898 CVE-2009-1899 CVE-2009-1900 CVE-2009-1901 CVE-2009-2085 CVE-2009-2087 CVE-2009-2088 CVE-2009-2089 CVE-2009-0899 CVE-2009-2090 CVE-2009-2091 CVE-2009-209231 Aug 2009 6.8 (v2) Medium Pass Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jul 2017 CPU) CVE-2016-3092 CVE-2017-10024 CVE-2017-10025 CVE-2017-10028 CVE-2017-10029 CVE-2017-10030 CVE-2017-10035 CVE-2017-10041 CVE-2017-10043 CVE-2017-10058 CVE-2017-10059 CVE-2017-10156 CVE-2017-1015704 Jul 2019 8.2 (v3) High Pass Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jul 2019 CPU) CVE-2015-9251 CVE-2019-2742 CVE-2019-2767 CVE-2019-2768 CVE-2019-2771 17 Jul 2019 8.2 (v3) High Pass Cisco NX-OS Software IPv6 Denial of Service Vulnerability (cisco-sa-20190828-nxos-ipv6-dos) CVE-2019-1964 10 Jan 2020 7.5 (v3) High Pass PHP-Fusion extract() Global Variable Overwriting CVE-2006-4673 08 Sep 2006 2.6 (v2) Low Pass WP Smart Security Plugin for WordPress PHP Object Injection 08 Dec 2017 8.3 (v3) High Pass HP Operations Orchestration 10.x < 10.51 Java Object Deserialization RCE CVE-2016-1997 23 Mar 2016 9.8 (v3) Critical Pass Operating System Unsupported Version Detection in banner reporting (PCI-DSS check) 22 Feb 2019 10 (v3) Critical Pass Apple TV < 9.1.1 Multiple Vulnerabilities CVE-2015-7995 CVE-2016-1717 CVE-2016-1719 CVE-2016-1720 CVE-2016-1721 CVE-2016-1722 CVE-2016-1724 CVE-2016-1727 27 Jan 2016 8.8 (v3) High Pass MySQL 8.0.x < 8.0.17 Multiple Vulnerabilities (July 2019 CPU) CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741 CVE-2019-2752 CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2780 CVE-2019-2784 CVE-2019-2785 CVE-2019-2789 CVE-2019-2791 CVE-2019-2795 CVE-2019-2796 CVE-2019-2797 CVE-2019-2800 CVE-2019-2801 CVE-2019-2802 CVE-2019-2803 CVE-2019-2805 CVE-2019-2808 CVE-2019-2810 CVE-2019-2811 CVE-2019-2812 CVE-2019-2814 CVE-2019-2815 CVE-2019-2819 CVE-2019-2822 CVE-2019-2826 CVE-2019-2830 CVE-2019-2834 CVE-2019-2879 CVE-2019-2948 CVE-2019-2950 CVE-2019-2969 CVE-2019-300318 Jul 2019 7.5 (v3) High Pass OpenSSL 1.0.2 < 1.0.2g Multiple Vulnerabilities (DROWN) CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 02 Mar 2016 9.8 (v3) Critical Pass VMware ESX sudo Package Multiple Vulnerabilities (VMSA-2013-0007) (remote check) CVE-2012-2337 CVE-2012-3440 04 Mar 2016 7.2 (v2) High Pass NFX Series: Insecure sshd conﬁguration in Juniper Device Manager (JDM) and host OS (JSA10878) CVE-2018-0044 05 Jul 2019 8.1 (v3) High Pass pfSense < 2.1.5 Multiple Vulnerabilities (SA-14_15 - SA-14_17) 31 Jan 2018 9.8 (v3) Critical Pass OpenSSL 0.9.8 < 0.9.8zd Multiple Vulnerabilities (FREAK) CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 16 Jan 2015 5 (v2) Medium Pass Cisco HyperFlex Software Unauthenticated Root Access (cisco-sa-20190220-chn-root-access) CVE-2019-1664 25 Aug 2020 7.8 (v3) High Pass pfSense 2.3.x < 2.3.5-p1 / 2.4.x < 2.4.2-p1 Multiple Vulnerabilities (SA-17_10 / SA-17_11) CVE-2017-3737 CVE-2017-3738 31 Jan 2018 5.9 (v3) Medium Pass EMC Data Protection Advisor < 6.4.110 Database Hardcoded Password Vulnerability CVE-2018-1206 16 Mar 2018 7.8 (v3) High Pass Cisco HyperFlex Software Command Injection (cisco-sa-20190220-hyperﬂex-injection) CVE-2018-15380 25 Aug 2020 8.8 (v3) High Pass Web Form Sending Credentials Using GET (PCI-DSS check) 03 Apr 2018 5.3 (v3) Medium Pass OpenSSL 0.9.8 < 0.9.8zf Multiple Vulnerabilities CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2016-0703 CVE-2016-0704 24 Mar 2015 6.8 (v2) Medium Pass SonicWALL Global Management System (GMS) / Analyzer sgms Webapp File Deletion 04 May 2018 7.3 (v3) High Pass Splunk Enterprise < 5.0.19 / 6.0.15 / 6.1.14 / 6.2.14 / 6.3.11 Error Message Spooﬁng 16 Jun 2017 4.3 (v3) Medium Pass Cisco TelePresence TC and TE Software Multiple Vulnerabilities (cisco-sa-20150513-tc) CVE-2014-2174 CVE-2015-0722 20 May 2015 8.3 (v2) High Pass Microsoft IIS IDC Extension XSS 24 Oct 2002 4.3 (v2) Medium Pass Linksys Smart Wi-Fi Router CGI Scripts Information Disclosure 19 Jul 2017 5.3 (v3) Medium Pass MS04-031: Vulnerability NetDDE Could Allow Code Execution (841533) (uncredentialed check) CVE-2004-0206 27 Oct 2004 10 (v2) Critical Pass BlackBoard Internet Newsboard System checkdb.inc.php libpath Parameter Remote File Inclusion CVE-2004-1582 11 Oct 2004 7.5 (v2) High Pass SolarWinds Orion Multiple SQLi Vulnerabilities CVE-2014-9566 27 May 2015 7.5 (v2) High Pass Observium PHP Object Unserialization Remote File Writing Vulnerability 29 Nov 2016 9.8 (v3) Critical Pass ONVIF Username and Password leak 31 Oct 2017 5.3 (v3) Medium Pass SonicWALL Global Management System (GMS) 8.x < 8.2 Multiple Vulnerabilities 05 Jan 2017 8.3 (v3) High Pass Cisco Data Center Network Manager SQL Injection (cisco-sa-dcnm-sql-inject-8hk6PwmF) CVE-2020-3462 11 Aug 2020 6.3 (v3) Medium Pass Trend Micro InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Conﬁguration ManipulationCVE-2001-0432 23 Aug 2001 10 (v2) Critical Pass IBM Tivoli Storage Manager FastBack 6.1.x < 6.1.12 Multiple Vulnerabilities CVE-2015-1923 CVE-2015-1924 CVE-2015-1925 CVE-2015-1929 CVE-2015-1930 CVE-2015-1938 CVE-2015-1941 CVE-2015-1942 CVE-2015-1948 CVE-2015-1949 CVE-2015-1953 CVE-2015-1954 CVE-2015-1962 CVE-2015-1963 CVE-2015-1964 CVE-2015-1965 CVE-2015-1986 CVE-2016-0212 CVE-2016-0213 CVE-2016-021607 Jul 2015 9.8 (v3) Critical Pass McAfee ePolicy Orchestrator Agent < 5.0.4.449 Log Viewer DoS CVE-2017-3896 16 Feb 2017 5.9 (v3) Medium Pass NetIQ Sentinel Java Object Deserialization RCE 20 Apr 2016 9.8 (v3) Critical Pass Trend Micro Control Manager download.php File Disclosure 17 Feb 2017 7.5 (v3) High Pass Cisco Data Center Network Manager Improper Authorization (cisco-sa-dcnm-improper-auth-7Krd9TDT) CVE-2020-3386 11 Aug 2020 8.8 (v3) High Pass Cisco Data Center Network Manager Information Disclosure (cisco-sa-dcnm-info-disclosure-tFX3KerC) CVE-2020-3461 12 Aug 2020 5.3 (v3) Medium Pass NetGain Enterprise Manager Command Injection 10 Mar 2017 9.8 (v3) Critical Pass Microsoft IIS 6.0 Unsupported Version Detection 17 Apr 2017 10 (v3) Critical Pass MySQL 8.0.x < 8.0.18 Multiple Vulnerabilities (Oct 2019 CPU) CVE-2019-2911 CVE-2019-2914 CVE-2019-2938 CVE-2019-2946 CVE-2019-2957 CVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968 CVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997 CVE-2019-2998 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018 CVE-2019-5443 CVE-2020-2580 CVE-2020-2589 CVE-2020-2752 CVE-2021-2001 CVE-2021-216018 Oct 2019 7.8 (v3) High Pass Sophos Web Protection Appliance Multiple Vulnerabilities CVE-2013-4983 CVE-2013-4984 26 Sep 2013 10 (v3) Critical Pass Microsoft DNS Server Inverse Query Buﬀer Over-Read CVE-2016-82007 24 Mar 2016 4 (v2) Medium Pass MailEnable Webmail Malformed Encoded Quoted-printable Email DoS (CVE-2006-1338) CVE-2006-1338 22 Mar 2006 5 (v2) Medium Pass Cisco TelePresence Server Malformed STUN Packet Processing DoS (cisco-sa-20160406-cts2) CVE-2015-6312 15 Apr 2016 7.5 (v3) High Pass ESXi 6.5 / 6.7 XSS (VMSA-2020-0008) CVE-2020-3955 15 Jul 2020 9.3 (v3) Critical Pass Core FTP Server < 1.2 Build 588 32-bit Unspeciﬁed Overﬂow Vulnerability 27 Apr 2016 10 (v2) Critical Pass WP Mobile Detector Plugin for WordPress File Upload RCE 19 Jul 2016 7.5 (v2) High Pass SolarWinds Server & Application Monitor (SAM) Alert Handling Local Privilege Escalation 03 Jun 2016 6.8 (v2) Medium Pass IBM Domino 8.5.x < 8.5.3 FP 5 Multiple Vulnerabilities CVE-2012-1541 CVE-2012-3213 CVE-2012-3342 CVE-2013-0351 CVE-2013-0401 CVE-2013-0402 CVE-2013-0409 CVE-2013-0419 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0430 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0437 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0446 CVE-2013-0448 CVE-2013-0449 CVE-2013-0450 CVE-2013-0809 CVE-2013-1473 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1479 CVE-2013-1480 CVE-2013-1481 CVE-2013-1488 CVE-2013-1489 CVE-2013-1491 CVE-2013-1493 CVE-2013-1500 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569 CVE-2013-1571 CVE-2013-2383 CVE-2013-2384 CVE-2013-2394 CVE-2013-2400 CVE-2013-2407 CVE-2013-2412 CVE-2013-2414 CVE-2013-2415 CVE-2013-2416 CVE-2013-2417 CVE-2013-2418 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2425 CVE-2013-2426 CVE-2013-2427 CVE-2013-2428 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2432 CVE-2013-2433 CVE-2013-2434 CVE-2013-2435 CVE-2013-2436 CVE-2013-2437 CVE-2013-2438 CVE-2013-2439 CVE-2013-2440 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2462 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2467 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-3743 CVE-2013-3744 CVE-2013-400204 Nov 2013 10 (v2) Critical Pass IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities CVE-2012-2098 CVE-2013-0460 CVE-2013-0464 CVE-2013-0467 CVE-2013-0599 CVE-2013-1862 CVE-2013-1896 CVE-2013-3029 CVE-2013-4004 CVE-2013-4005 CVE-2013-4006 CVE-2013-4052 CVE-2013-4053 CVE-2013-5414 CVE-2013-5417 CVE-2013-5418 CVE-2013-542505 Dec 2013 6.8 (v2) Medium Pass Sonatype Nexus Repository Manager Java Object Deserialization RCE 20 Jul 2016 10 (v2) Critical Pass Synology DiskStation Manager (DSM) Web Administration Interface Default Credentials 16 Sep 2016 9.8 (v3) Critical Pass Cisco IOS XR Software BGP EVPN DoS (cisco-sa-20200122-ios-xr-evpn) CVE-2019-16019 CVE-2019-16020 CVE-2019-16021 CVE-2019-16022 CVE-2019-16023 31 Jan 2020 8.6 (v3) High Pass pfSense 2.3.x < 2.3.5-p2 / 2.4.x < 2.4.3-p1 Multiple Vulnerabilities (SA-18_04 / SA-18_05) CVE-2018-6920 CVE-2018-6921 CVE-2018-8897 27 Dec 2018 7.8 (v3) High Pass CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO87569) CVE-2007-1785 CVE-2007-2139 25 Apr 2007 10 (v2) Critical Pass ManageEngine Desktop Central Tools Execution Status Update RCE (intrusive check) 21 Oct 2015 10 (v2) Critical Pass Symantec Reporting Server < 1.0.224.0 Multiple Vulnerabilities CVE-2007-3021 CVE-2007-3022 CVE-2007-3095 08 Jun 2007 9 (v2) High Pass ServerView Servername Parameter Arbitrary Command Execution CVE-2007-3011 06 Jul 2007 7.5 (v2) High Pass OpenSSL 0.9.8 < 0.9.8za Multiple Vulnerabilities CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 06 Jun 2014 6.8 (v2) Medium Pass ESXi 5.0 < Build 3086167 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)CVE-2015-6933 15 Jan 2016 6.3 (v3) Medium Pass Cisco IOS Smart Install Packet Image List Parameter Handling DoS (cisco-sa-20160323-smi) CVE-2016-1349 06 Apr 2016 7.5 (v3) High Pass IBM WebSphere Application Server 8.0 < Fix Pack 8 Multiple Vulnerabilities CVE-2013-0460 CVE-2013-4052 CVE-2013-4053 CVE-2013-5372 CVE-2013-5414 CVE-2013-5417 CVE-2013-5418 CVE-2013-5780 CVE-2013-5803 CVE-2013-6325 CVE-2013-672520 Jan 2014 6.8 (v2) Medium Pass Lexmark Markvision Enterprise Java Object Deserialization RCE CVE-2016-1487 17 Feb 2016 10 (v2) Critical Pass Apple TV < 11.3 Multiple Vulnerabilities CVE-2018-4101 CVE-2018-4104 CVE-2018-4113 CVE-2018-4114 CVE-2018-4115 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4121 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4130 CVE-2018-4142 CVE-2018-4143 CVE-2018-4144 CVE-2018-4146 CVE-2018-4150 CVE-2018-4155 CVE-2018-4157 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4166 CVE-2018-416716 Apr 2018 7.8 (v3) High Pass Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass CVE-2007-2815 25 Mar 2008 4.3 (v2) Medium Pass Seditio plug.php pag_sub Parameter SQL Injection CVE-2007-6202 02 Dec 2007 6.8 (v2) Medium Pass ESXi 5.0 < Build 1749766 Multiple Vulnerabilities (remote check) CVE-2013-5211 CVE-2014-8370 29 Jan 2015 6.4 (v2) Medium Pass VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check) CVE-2008-3916 CVE-2008-4316 CVE-2008-4552 CVE-2009-0115 CVE-2009-0590 CVE-2009-1189 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-2695 CVE-2009-2849 CVE-2009-2904 CVE-2009-2905 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3560 CVE-2009-3563 CVE-2009-3612 CVE-2009-3613 CVE-2009-3620 CVE-2009-3621 CVE-2009-3720 CVE-2009-3726 CVE-2009-402208 Mar 2016 9.3 (v2) High Pass Cisco NX-OS Software Data Management Engine Remote Code Execution (cisco-sa-nxos-dme-rce-cbE3nhZS)CVE-2020-3415 02 Sep 2020 8.8 (v3) High Pass Palo Alto Networks PAN-OS 7.1.1 Out-of-Sequence Packet Firewall Bypass 17 Jun 2016 5 (v2) Medium Pass Citrix SD-WAN Center Command Injection CVE-2019-10883 11 Apr 2019 9.8 (v3) Critical Pass IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.4 Multiple Vulnerabilities (POODLE) CVE-2013-5704 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3021 CVE-2014-3566 CVE-2014-4770 CVE-2014-4816 CVE-2014-6164 CVE-2014-6166 CVE-2014-6167 CVE-2014-6174 CVE-2014-889007 Jan 2015 6.8 (v2) Medium Pass ESXi 6.0 / 6.5 / 6.7 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) (Remote Check) CVE-2018-6974 26 Oct 2018 8.8 (v3) High Pass OpenDocMan Access Control Bypass 26 Jul 2004 4.3 (v2) Medium Pass Cisco Data Center Network Manager Authorization Bypass (cisco-sa-dcnm-auth-bypass-MYeFpFcF) CVE-2020-3522 01 Sep 2020 6.3 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.4 RCE (6258333)CVE-2020-4589 27 Aug 2020 9.8 (v3) Critical Pass VMware Security Updates for vCenter Server (VMSA-2015-0001) (POODLE) CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 03 Feb 2015 4.3 (v2) Medium Pass Apple TV < 11 Multiple Vulnerabilities CVE-2017-7080 CVE-2017-7081 CVE-2017-7083 CVE-2017-7086 CVE-2017-7087 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7103 CVE-2017-7104 CVE-2017-7105 CVE-2017-7107 CVE-2017-7108 CVE-2017-7109 CVE-2017-7110 CVE-2017-7111 CVE-2017-7112 CVE-2017-7114 CVE-2017-7115 CVE-2017-7116 CVE-2017-7117 CVE-2017-7120 CVE-2017-7127 CVE-2017-7128 CVE-2017-7129 CVE-2017-7130 CVE-2017-11120 CVE-2017-1112122 Sep 2017 9.8 (v3) Critical Pass IBM BigFix Platform 9.5.x < 9.5.12 Multiple Vulnerabilities CVE-2012-5883 CVE-2012-6708 CVE-2015-9251 CVE-2018-5407 CVE-2019-4013 03 May 2019 9.9 (v3) Critical Pass Apache Tomcat 8.5.x < 8.5.58 / 9.0.x < 9.0.38 HTTP/2 Request Mix-Up CVE-2020-13943 14 Oct 2020 4.3 (v3) Medium Pass Apple iTunes for Windows < 12.9.5 Multiple Vulnerabilities (uncredentialed check) CVE-2019-6237 CVE-2019-8571 CVE-2019-8577 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8598 CVE-2019-8600 CVE-2019-8601 CVE-2019-8602 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-862804 Jul 2019 9.8 (v3) Critical Pass Cisco Data Center Network Manager Path Traversal (cisco-sa-dcnm-patrav-pW9RkhyW) CVE-2020-3519 01 Sep 2020 8.1 (v3) High Pass ESXi 6.0 U1 < Build 5251621 / 6.0 U2 < Build 5251623 / 6.0 U3 < Build 5224934 Multiple Vulnerabilities (VMSA-2017-0006) (rCVE-2017-4903 CVE-2017-4904 CVE-2017-4905emote check) 31 Mar 2017 8.8 (v3) High Pass SSL/TLS EXPORT_DHE <= 512-bit Export Cipher Suites Supported (Logjam) CVE-2015-4000 21 May 2015 3.7 (v3) Low Pass Cisco Prime Infrastructure Cross-Site Scripting (cisco-sa-20191002-pi-xss-12713) CVE-2019-12713 02 Sep 2020 6.1 (v3) Medium Pass Marvell QConvergeConsole (QCC) FlashValidatorServiceImpl decryptFile Path Traversal RCE CVE-2020-15639 02 Sep 2020 9.8 (v3) Critical Pass ManageEngine Applications Manager DowntimeSchedulerServlet 'TASKID' Blind SQLi 17 Jun 2015 10 (v2) Critical Pass ManageEngine Applications Manager IT360UtilitiesServlet SQLi 17 Jun 2015 10 (v2) Critical Pass Apple iTunes < 10.7 Multiple Vulnerabilities (uncredentialed check) CVE-2011-3016 CVE-2011-3021 CVE-2011-3027 CVE-2011-3032 CVE-2011-3034 CVE-2011-3035 CVE-2011-3036 CVE-2011-3037 CVE-2011-3038 CVE-2011-3039 CVE-2011-3040 CVE-2011-3041 CVE-2011-3042 CVE-2011-3043 CVE-2011-3044 CVE-2011-3050 CVE-2011-3053 CVE-2011-3059 CVE-2011-3060 CVE-2011-3064 CVE-2011-3068 CVE-2011-3069 CVE-2011-3071 CVE-2011-3073 CVE-2011-3074 CVE-2011-3075 CVE-2011-3076 CVE-2011-3078 CVE-2011-3081 CVE-2011-3086 CVE-2011-3089 CVE-2011-3090 CVE-2011-3105 CVE-2011-3913 CVE-2011-3924 CVE-2011-3926 CVE-2011-3958 CVE-2011-3966 CVE-2011-3968 CVE-2011-3969 CVE-2011-3971 CVE-2012-0682 CVE-2012-0683 CVE-2012-1520 CVE-2012-1521 CVE-2012-2817 CVE-2012-2818 CVE-2012-2829 CVE-2012-2831 CVE-2012-2842 CVE-2012-2843 CVE-2012-3589 CVE-2012-3590 CVE-2012-3591 CVE-2012-3592 CVE-2012-3593 CVE-2012-3594 CVE-2012-3595 CVE-2012-3596 CVE-2012-3597 CVE-2012-3598 CVE-2012-3599 CVE-2012-3600 CVE-2012-3601 CVE-2012-3602 CVE-2012-3603 CVE-2012-3604 CVE-2012-3605 CVE-2012-3606 CVE-2012-3607 CVE-2012-3608 CVE-2012-3609 CVE-2012-3610 CVE-2012-3611 CVE-2012-3612 CVE-2012-3613 CVE-2012-3614 CVE-2012-3615 CVE-2012-3616 CVE-2012-3617 CVE-2012-3618 CVE-2012-3620 CVE-2012-3621 CVE-2012-3622 CVE-2012-3623 CVE-2012-3624 CVE-2012-3625 CVE-2012-3626 CVE-2012-3627 CVE-2012-3628 CVE-2012-3629 CVE-2012-3630 CVE-2012-3631 CVE-2012-3632 CVE-2012-3633 CVE-2012-3634 CVE-2012-3635 CVE-2012-3636 CVE-2012-3637 CVE-2012-3638 CVE-2012-3639 CVE-2012-3640 CVE-2012-3641 CVE-2012-3642 CVE-2012-3643 CVE-2012-3644 CVE-2012-3645 CVE-2012-3646 CVE-2012-3647 CVE-2012-3648 CVE-2012-3649 CVE-2012-3651 CVE-2012-3652 CVE-2012-3653 CVE-2012-3654 CVE-2012-3655 CVE-2012-3656 CVE-2012-3657 CVE-2012-3658 CVE-2012-3659 CVE-2012-3660 CVE-2012-3661 CVE-2012-3663 CVE-2012-3664 CVE-2012-3665 CVE-2012-3666 CVE-2012-3667 CVE-2012-3668 CVE-2012-3669 CVE-2012-3670 CVE-2012-3671 CVE-2012-3672 CVE-2012-3673 CVE-2012-3674 CVE-2012-3675 CVE-2012-3676 CVE-2012-3677 CVE-2012-3678 CVE-2012-3679 CVE-2012-3680 CVE-2012-3681 CVE-2012-3682 CVE-2012-3683 CVE-2012-3684 CVE-2012-3685 CVE-2012-3686 CVE-2012-3687 CVE-2012-3688 CVE-2012-3692 CVE-2012-3699 CVE-2012-3700 CVE-2012-3701 CVE-2012-3702 CVE-2012-3703 CVE-2012-3704 CVE-2012-3705 CVE-2012-3706 CVE-2012-3707 CVE-2012-3708 CVE-2012-3709 CVE-2012-3710 CVE-2012-3711 CVE-2012-371213 Sep 2012 10 (v2) Critical Pass MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)CVE-2016-0128 13 Apr 2016 6.8 (v3) Medium Pass ESXi 5.5 / 6.0 / 6.5 / Hypervisor-Assisted Guest Remediation for Speculative Execution (VMSA-2018-0004) (SpectrCVE-2017-5715e) (remote check) 12 Jan 2018 5.6 (v3) Medium Pass VMware vCenter Server 5.0.x < 5.0u3g / 5.1.x < 5.1u3d / 5.5.x < 5.5u2d Reﬂected XSS (VMSA-2016-0009)CVE-2015-6931 20 Jun 2016 6.1 (v3) Medium Pass HP Onboard Administrator Multiple Vulnerabilities CVE-2012-0128 CVE-2012-0129 CVE-2012-0130 26 Sep 2013 7.6 (v2) High Pass Puppet Unauthenticated Remote Code Execution CVE-2013-3567 28 Oct 2013 7.5 (v2) High Pass WarFTPd dir Command Traversal Arbitrary Directory Listing CVE-2001-0295 22 Jan 2003 5 (v2) Medium Pass Juniper Junos EmbedThis AppWeb error Parameter XSS 15 Nov 2013 4.3 (v2) Medium Pass OpenSSL 1.0.1 < 1.0.1d Multiple Vulnerabilities CVE-2012-2686 CVE-2013-0166 CVE-2013-0169 09 Feb 2013 2.6 (v2) Low Pass vBulletin upgrade.php Accessible 05 Nov 2013 7.5 (v2) High Pass Cisco Prime Infrastructure Cross-Site Scripting (cisco-sa-20191002-pi-xss-12712) CVE-2019-12712 02 Sep 2020 6.1 (v3) Medium Pass SolarWinds Virtualization Manager Java Object Deserialization RCE CVE-2016-3642 13 Jul 2016 9.8 (v3) Critical Pass Oracle GlassFish Server 3.0.1.x < 3.0.1.14 Multiple Vulnerabilities (July 2016 CPU) CVE-2015-3237 CVE-2016-3607 CVE-2016-3608 CVE-2016-5477 20 Jul 2016 9.8 (v3) Critical Pass Pages Pro ﬁlenote Parameter Traversal Arbitrary File Modiﬁcation 06 Feb 2003 9.7 (v2) High Pass Synology DiskStation Manager < 4.3-3776 Update 2 Multiple Vulnerabilities 05 Feb 2014 7.1 (v2) High Pass Novell ZENworks Conﬁguration Management < 11.2.3a Monthly Update 1 Multiple Vulnerabilities (credentialed check)CVE-2013-1093 CVE-2013-1094 CVE-2013-1095 CVE-2013-1097 18 Jun 2013 5.8 (v2) Medium Pass Apple TV < 10 Multiple Vulnerabilities CVE-2016-4611 CVE-2016-4658 CVE-2016-4702 CVE-2016-4708 CVE-2016-4712 CVE-2016-4718 CVE-2016-4725 CVE-2016-4726 CVE-2016-4728 CVE-2016-4730 CVE-2016-4733 CVE-2016-4734 CVE-2016-4735 CVE-2016-4737 CVE-2016-4738 CVE-2016-4753 CVE-2016-4759 CVE-2016-4765 CVE-2016-4766 CVE-2016-4767 CVE-2016-4768 CVE-2016-4772 CVE-2016-4773 CVE-2016-4774 CVE-2016-4775 CVE-2016-4776 CVE-2016-4777 CVE-2016-4778 CVE-2016-513128 Sep 2016 9.8 (v3) Critical Pass HP Network Automation RMI Registry Java Object Deserialization RCE CVE-2016-4385 04 Oct 2016 7.3 (v3) High 23

RELAYTO Penetration Test Results - Page 23

RELAYTO Penetration Test Results Page 22 Page 24