RELAYTO Penetration Test Results (98/101)

Pass OpenSSL 1.0.0 < 1.0.1o Multiple Vulnerabilities (POODLE) CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 17 Oct 2014 4.3 (v2) Medium Pass Graylog2 LDAP Authentication Bypass Vulnerability CVE-2014-9217 10 Feb 2015 5 (v2) Medium Pass Cisco NX-OS Software BGP DoS (CSCtn13055) CVE-2012-4098 16 Oct 2013 5 (v2) Medium Pass Tivoli Storage Manager Server Unsupported Product 24 Feb 2015 10 (v2) Critical Pass Symantec Data Center Security Server 'WCUnsupportedClass.jsp' XSS 26 Feb 2015 4.3 (v2) Medium Pass IBM Tivoli Storage Manager Express Backup Server Service (dsmsvc.exe) Packet Handling Remote OverﬂowCVE-2008-0247 17 Jan 2008 10 (v2) Critical Pass Cisco Nexus 4000 Series Switches IPv6 Denial of Service (CSCtd15904) CVE-2013-6683 02 Dec 2013 6.1 (v2) Medium Pass Lotus Quickr for Domino qp2.dll ActiveX Control Integer Overﬂow Remote Code Execution CVE-2013-3026 26 Jun 2013 9.3 (v2) High Pass CodeMeter < 5.20 Local Privilege Escalation Vulnerability CVE-2014-8419 23 Feb 2015 7.2 (v2) High Pass SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK) CVE-2015-0204 04 Mar 2015 4.3 (v2) Medium Pass BayTech RPC-3 Telnet Daemon Remote Authentication Bypass CVE-2005-0957 01 Apr 2005 10 (v2) Critical Pass MongoDB Unauthenticated REST API Detection 12 Mar 2015 5 (v2) Medium Pass Palo Alto Networks PAN-OS < 4.0.9 / 4.1.x < 4.1.2 Multiple Command Injections CVE-2012-6595 CVE-2012-6600 05 Mar 2014 9 (v2) High Pass Loxone Smart Home Miniserver < 6.3 Multiple Vulnerabilities 13 Mar 2015 6.8 (v2) Medium Pass Pulse Connect Secure < 9.1R8.2 (SA44588) CVE-2020-8238 CVE-2020-8243 CVE-2020-8256 09 Oct 2020 7.2 (v3) High Pass Dell KACE K2000 Appliance Hidden CIFS Fileshare Information Disclosure CVE-2011-1672 19 Apr 2011 5.3 (v3) Medium Pass Apple TV < 7.0.2 Multiple Vulnerabilities CVE-2014-4452 CVE-2014-4455 CVE-2014-4461 CVE-2014-4462 20 Nov 2014 9.3 (v2) High Pass Palo Alto Networks PAN-OS 5.x < 5.0.9 Multiple Vulnerabilities 05 Mar 2014 6.5 (v2) Medium Pass ManageEngine NetFlow Analyzer Default Credentials 16 Mar 2015 7.5 (v2) High Pass HP Universal Conﬁguration Management Database Data Flow Probe Gateway Cross-Site Tracing 18 Mar 2015 5 (v2) Medium Pass Cisco UCS Director Authentication Bypass (cisco-sa-20190821-ucsd-authbypass) CVE-2019-1938 23 Aug 2019 9.8 (v3) Critical Pass Juniper Junos SRX Series ﬂowd DoS (JSA10622) CVE-2014-2714 14 Apr 2014 7.1 (v2) High Pass OpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0293 CVE-2015-1787 CVE-2016-0703 CVE-2016-070424 Mar 2015 6.8 (v2) Medium Pass Palo Alto Networks PAN-OS 7.0.7 Multiple Vulnerabilities 17 Jun 2016 10 (v2) Critical Pass Apache Struts struts-cookbook processSimple.do message Parameter XSS CVE-2012-1007 23 Jul 2012 4.3 (v2) Medium Pass Cisco NX-OS Multiple Vulnerabilities (cisco-sa-20140521-nxos) CVE-2013-1191 CVE-2014-2200 CVE-2014-2201 CVE-2014-3261 30 May 2014 7.6 (v2) High Pass ArubaOS Remote Access Point Command Injection CVE-2015-1388 03 Apr 2015 7.2 (v2) High Pass Cisco IOS Software NAT denial of service (cisco-sa-20170927-nat) CVE-2017-12231 05 Oct 2017 7.5 (v3) High Pass Cisco NX-OS Software Buﬀer Overﬂow and Command Injection Vulnerabilities CVE-2019-1767 CVE-2019-1768 28 Jun 2019 6.7 (v3) Medium Pass Juniper Junos IPv6 Neighbor Discovery (ND) Traﬃc Handling Multiple Vulnerabilities (JSA10749) CVE-2016-1409 22 Jun 2016 5.3 (v3) Medium Pass OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities CVE-2019-1547 CVE-2019-1552 CVE-2019-1563 23 Aug 2019 4.7 (v3) Medium Pass Cisco IOS Zone-Based Firewall Feature Security Bypass (CSCun94946) CVE-2014-2146 27 Jun 2016 6.5 (v3) Medium Pass MySQL Enterprise Monitor 3.0.x < 3.0.5 Apache Struts DMI Multiple Vulnerabilities CVE-2013-4316 08 May 2015 10 (v2) Critical Pass CherryPy staticFilter Traversal Arbitrary File Access CVE-2006-0847 22 Feb 2006 5 (v2) Medium Pass Palo Alto Networks PAN-OS 6.1.x < 6.1.11 Multiple Vulnerabilities 07 Jul 2016 4 (v2) Medium Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.1 Vulnerability CVE-2016-10012 02 Jul 2020 7.8 (v3) High Pass Websense TRITON 7.8 Source Code Disclosure 21 May 2015 5 (v2) Medium Pass Mingle Forum Plugin for WordPress 'topic' parameter SQL Injection 20 Jan 2011 7.5 (v2) High Pass Cisco TelePresence ISDN Gateway Command Injection Vulnerability CVE-2015-0713 21 May 2015 9 (v2) High Pass Cisco TelePresence MCU Command Injection Vulnerability CVE-2015-0713 21 May 2015 9 (v2) High Pass OpenMediaVault Default Administrator Credentials 18 Dec 2013 7.5 (v2) High Pass Modbus/TCP Report Slave ID 10 May 2015 5 (v2) Medium Pass Xerox ColorQube Unspeciﬁed Remote Protocol Authorization Bypass (XRX13-008) 28 Oct 2013 10 (v2) Critical Pass HP SiteScope Log Analysis Tool Remote Privilege Escalation (uncredentialed check) CVE-2015-2120 10 Jun 2015 8.7 (v2) High Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.18 / 9.0.x <= 9.0.5.5 DirCVE-2020-4782ectory Traversal (CVE-2020-4782) 12 Feb 2021 6.5 (v3) Medium Pass IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities CVE-2012-2159 CVE-2012-2161 CVE-2012-2170 CVE-2012-2190 CVE-2012-2191 CVE-2012-3293 09 Aug 2012 5.8 (v2) Medium Pass ManageEngine Applications Manager FailOverHelperServlet 'ﬁleName' Parameter Arbitrary File DisclosureCVE-2014-7863 08 Jun 2015 5 (v2) Medium Pass Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK) CVE-2015-0204 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-178704 Jun 2015 7.5 (v2) High Pass TLS Version 1.0 Protocol Detection (PCI DSS) 30 Jun 2015 8.2 (v3) High Pass Splunk Enterprise < 5.0.18 / 6.0.14 / 6.1.13 / 6.2.13.1 / 6.3.10 / 6.4.6 / 6.5.3 / Splunk Light < 6.5.3 Multiple VCVE-2017-5607ulnerabilities 06 Apr 2017 3.5 (v3) Low Pass Bitrix bitrix.xscan Module < 1.0.4 bitrix.xscan_worker.php 'ﬁle' Parameter Path Traversal File Disclosure CVE-2015-8357 02 May 2017 4.7 (v3) Medium Pass Cisco Ironport Security Appliance Default Host Key Vulnerability CVE-2015-4217 02 Jul 2015 4.3 (v2) Medium Pass EMC Documentum D2 4.1.x < 4.5 XSS (ESA-2015-109) CVE-2015-0549 26 Jun 2015 3.5 (v2) Low Pass Oracle iPlanet Web Server 6.1.x < 6.1.21 / 7.0.x < 7.0.22 NSS Signature Handling Remote Code Injection CVE-2014-1569 23 Jul 2015 7.5 (v2) High Pass IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities CVE-2012-2098 CVE-2012-3305 CVE-2012-4853 CVE-2013-0169 CVE-2013-0458 CVE-2013-0459 CVE-2013-0460 CVE-2013-0461 CVE-2013-0462 CVE-2013-0541 CVE-2013-0542 CVE-2013-0543 CVE-2013-0544 CVE-2013-0596 CVE-2013-1768 CVE-2013-1862 CVE-2013-1896 CVE-2013-2967 CVE-2013-2976 CVE-2013-3029 CVE-2013-4005 CVE-2013-4052 CVE-2013-405320 Sep 2013 10 (v2) Critical Pass HP Network Automation 9.22.0x / 10.00.0x < 10.00.02 Multiple RCE CVE-2016-1988 CVE-2016-1989 25 Mar 2016 9.8 (v3) Critical Pass Apple TV < 9.2 Multiple Vulnerabilities CVE-2015-1819 CVE-2015-5312 CVE-2015-7499 CVE-2015-7500 CVE-2015-7942 CVE-2015-8035 CVE-2015-8242 CVE-2015-8659 CVE-2016-0801 CVE-2016-0802 CVE-2016-1740 CVE-2016-1748 CVE-2016-1750 CVE-2016-1751 CVE-2016-1752 CVE-2016-1753 CVE-2016-1754 CVE-2016-1755 CVE-2016-1762 CVE-2016-1775 CVE-2016-1783 CVE-2016-1784 CVE-2016-195001 Apr 2016 10 (v3) Critical Pass MS07-063: Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) (uncredentialed check) CVE-2007-5351 07 Jan 2008 10 (v3) Critical Pass Retrospect Client Malformed Packet DoS CVE-2006-0995 03 Mar 2006 5 (v2) Medium Pass SecurityCenter devform.php message Parameter XSS CVE-2013-5911 30 Sep 2013 4.3 (v2) Medium Pass HP Autonomy Ultraseek 5 Unspeciﬁed XSS CVE-2013-6196 15 Jan 2014 3.5 (v2) Low Pass Alcatel OmniSwitch Default Credentials (http) 30 Sep 2013 7.5 (v2) High Pass Coppermine Photo Gallery showdoc.php f Parameter Local File Inclusion CVE-2006-0873 27 Feb 2006 5 (v2) Medium Pass SSH Server CBC Mode Ciphers Enabled CVE-2008-5161 28 Oct 2013 2.6 (v2) Low Pass Oracle GlassFish Server Multiple Vulnerabilities (October 2013 CPU) CVE-2013-2172 CVE-2013-3827 CVE-2013-5816 17 Oct 2013 5 (v2) Medium Pass Acme mini_httpd Protocol String Handling Memory Disclosure CVE-2015-1548 05 May 2016 5 (v2) Medium Pass Dropbear SSH Server < 2013.59 Multiple Vulnerabilities CVE-2013-4421 CVE-2013-4434 22 Oct 2013 5 (v2) Medium Pass AjaXplorer < 5.0.3 Multiple Vulnerabilities CVE-2013-5688 18 Oct 2013 5.5 (v2) Medium Pass FancyBox Plugin for WordPress 'mfbfw' Parameter Persistent XSS CVE-2015-1494 16 Feb 2015 4.3 (v2) Medium Pass TWiki 'debugenableplugins' Parameter RCE CVE-2014-7236 20 Apr 2015 8.8 (v3) High Pass ESXi 5.0 < Build 721882 Multiple Vulnerabilities (remote check) CVE-2012-3288 CVE-2012-3289 13 Nov 2013 9.3 (v2) High Pass ESXi 5.1 < Build 1142907 NFC Traﬃc Denial of Service (remote check) CVE-2013-1661 13 Nov 2013 4.3 (v2) Medium Pass OpenSSH 6.2 and 6.3 AES-GCM Cipher Memory Corruption CVE-2013-4548 13 Nov 2013 6 (v2) Medium Pass Claroline Multiple RemoteVulnerabilities (RFI, Traversal, XSS) CVE-2006-1594 CVE-2006-1595 CVE-2006-1596 03 Apr 2006 7.5 (v2) High Pass ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check) CVE-2009-5029 CVE-2009-5064 CVE-2010-0830 CVE-2010-4180 CVE-2010-4252 CVE-2011-0014 CVE-2011-1089 CVE-2011-3048 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4609 CVE-2011-4619 CVE-2012-0050 CVE-2012-0864 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 CVE-2013-1406 CVE-2013-165913 Nov 2013 9.3 (v2) High Pass MikroTik RouterOS 5.x < 5.26 / 6.x < 6.3 sshd Unspeciﬁed Remote Heap Corruption 18 Nov 2013 5 (v2) Medium Pass MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (uncredentialed check)CVE-2006-7192 CVE-2007-0041 CVE-2007-0042 CVE-2007-0043 11 Jul 2007 9.3 (v2) High Pass MySQL Server COM_CHANGE_USER Command Security Bypass CVE-2012-5627 27 Nov 2013 4.3 (v3) Medium Pass RomPager HTTP Referer Header XSS CVE-2013-6786 03 Dec 2013 4.3 (v2) Medium Pass Cisco Prime Data Center Network Manager < 6.2(1) Multiple Vulnerabilities (uncredentialed check) CVE-2013-5486 CVE-2013-5487 CVE-2013-5490 27 Sep 2013 9.8 (v3) Critical Pass OpenSSL 1.0.1 < 1.0.1f Multiple Vulnerabilities CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 08 Jan 2014 5.8 (v2) Medium Pass Accellion File Transfer Appliance Unsupported Version 01 Mar 2021 9.8 (v3) Critical Pass Cisco WAAS Mobile Server Web Administration Default Credentials 07 Jan 2014 7.5 (v2) High Pass Apache Solr < 4.6.0 'SolrResourceLoader' Directory Traversal CVE-2013-6397 07 Jan 2014 4.3 (v2) Medium Pass Novell Identity Manager Roles Based Provisioning Module taskId XSS CVE-2013-1096 07 Jan 2014 4.3 (v2) Medium Pass Synology DiskStation Manager < 4.3-3776 Update 3 info.cgi Multiple Parameters XSS 05 Feb 2014 4.3 (v2) Medium Pass VMware Security Updates for vCenter Server (VMSA-2014-0006) CVE-2010-5298 CVE-2014-0198 CVE-2014-0224 CVE-2014-3470 10 Jul 2014 5.8 (v2) Medium Pass Adobe ColdFusion Multiple Vulnerabilities (APSA13-03) CVE-2013-3336 14 May 2013 5 (v2) Medium Pass Puppet Symlink File Overwrite CVE-2013-4969 27 Jan 2014 2.1 (v2) Low Pass IBM GCM16 / GCM32 Global Console Manager KVM Switch Firmware Version < 1.20.0.22575 Remote Code ExecutionCVE-2013-0526 05 Aug 2014 8.5 (v2) High Pass OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 08 Aug 2014 6.8 (v2) Medium Pass JForum Detection 14 Feb 2014 None Pass SAP Host Agent SOAP Web Service Information Disclosure (SAP Note 1816536) CVE-2013-3319 03 Feb 2014 5 (v2) Medium Pass Cisco Uniﬁed Computing System Serial over LAN Static Private Key Vulnerability (CSCte90338) CVE-2012-4074 12 Feb 2014 5.8 (v2) Medium Pass Symantec Web Gateway < 5.2.5 Management Console Command Injection (SYM16-017) CVE-2016-5313 13 Oct 2016 8.8 (v3) High Pass Cisco Uniﬁed Computing System Smart Call Home Input Validation Vulnerability (CSCtl00186) CVE-2012-4093 18 Feb 2014 4.6 (v2) Medium Pass Symantec Web Gateway <= 5.1.1 Multiple Vulnerabilities (SYM14-003) CVE-2013-5012 CVE-2013-5013 13 Feb 2014 6.5 (v2) Medium Pass Ubiquiti airCam < 1.2.0 ubnt-streamer RTSP Service Remote Code Execution CVE-2013-1606 19 Feb 2014 7.5 (v2) High Pass nginx < 1.8.1 / 1.9.x < 1.9.10 Multiple Vulnerabilities CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 09 Mar 2018 7.3 (v3) High Pass VMware Security Updates for vCenter Server (VMSA-2013-0006) CVE-2012-2733 CVE-2012-4534 CVE-2013-3107 30 Apr 2013 4.3 (v2) Medium Pass Oracle GlassFish Server 3.0.1 < 3.0.1.7 / 3.1.2 < 3.1.2.5 Multiple Vulnerabilities (April 2013 CPU) CVE-2013-1508 CVE-2013-1515 05 Jun 2013 4.3 (v2) Medium Pass Lexmark Printer Conﬁguration Persistent XSS CVE-2013-6033 03 Mar 2014 3.5 (v2) Low Pass MS08-037: Vulnerabilities in DNS Could Allow Spooﬁng (951746) (uncredentialed check) CVE-2008-1447 CVE-2008-1454 05 Mar 2014 9.4 (v2) High Pass OpenSSH S/KEY Authentication Account Enumeration CVE-2007-2243 18 Nov 2011 5 (v2) Medium Pass McAfee Web Gateway User Interface Default Credentials 21 Feb 2014 10 (v2) Critical Pass Apache 2.2.x < 2.2.22 Multiple Vulnerabilities CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 CVE-2012-4557 02 Feb 2012 5.3 (v3) Medium Pass Novell ZENworks Conﬁguration Console Login.jsp language Parameter XSS CVE-2013-1094 18 Jun 2013 4.3 (v2) Medium Pass Web Accessible Backups 03 Mar 2014 None Pass Oracle RDBMS Patchset Out of Date (remote check) 13 Mar 2014 10 (v2) Critical Pass PeopleSoft PeopleTools JMS Listening Connector Activity Parameter XSS CVE-2009-1987 29 Oct 2009 4.3 (v2) Medium Pass Cisco Email Security Appliance Web UI Default Credentials 02 Apr 2014 9.8 (v3) Critical Pass Cisco Content Security Management Appliance Web UI Default Credentials 02 Apr 2014 7.5 (v2) High 98

RELAYTO Penetration Test Results - Page 98

RELAYTO Penetration Test Results Page 97 Page 99