RELAYTO Penetration Test Results (41/101)

Pass MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (April 2018 CPU) CVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762 CVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775 CVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-284619 Apr 2018 5.5 (v3) Medium Pass Cisco IOS SNMP Community string write privileges. 18 Apr 2018 None Pass Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability (cisco-sa-20180418-iosxr)CVE-2018-0241 27 Apr 2018 7.4 (v3) High Pass Atlassian JIRA < 4.2.1 Multiple Vulnerabilities 24 Apr 2018 6.3 (v3) Medium Pass Pulse Connect Secure Multiple Vulnerabilities (SA43730) CVE-2007-5846 CVE-2016-2125 CVE-2016-2126 CVE-2016-10142 CVE-2018-9849 18 May 2018 6.5 (v3) Medium Pass Apache Struts 2.0.x < 2.0.9 RCE (S2-001) 10 Sep 2018 9.8 (v3) Critical Pass Oracle Database Server CVE-2018-3110 CVE-2018-3110 14 Aug 2018 9.9 (v3) Critical Pass D-Link DIR Router Authenication Bypass 11 Oct 2017 8.3 (v3) High Pass Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability (cisco-sa-20180307-cpcp CVE-2018-0141 09 Mar 2018 8.4 (v3) High Pass Cisco Prime Collaboration Provisioning XSS (cisco-sa-prime-collab-xss-fQMDE5GO) CVE-2021-34732 03 Sep 2021 6.1 (v3) Medium Pass Cisco Prime Collaboration Provisioning Information Disclosure (cisco-sa-prim-collab-disclo-FAnX4DKB) CVE-2020-3193 19 Mar 2020 5.3 (v3) Medium Pass Cisco Uniﬁed Communications Products Vulnerabilities (cisco-sa-imp-trav-inj-dM687ZD6) CVE-2021-1282 05 Feb 2021 4.9 (v3) Medium Pass Apache Struts 2.x < 2.3.14.2 Multiple Vulnerabilities (S2-014) CVE-2013-1966 CVE-2013-2115 10 Sep 2018 9.8 (v3) Critical Pass Apache Struts 2.x < 2.2.1 OGNL RCE (S2-005) CVE-2010-1870 10 Sep 2018 5.3 (v3) Medium Pass Apache Struts 2.x < 2.3.15.1 Multiple Vulnerabilities (S2-016) (S2-017) CVE-2013-2248 CVE-2013-2251 10 Sep 2018 9.8 (v3) Critical Pass Cisco IOS Software Cluster Management Protocol DoS Vulnerability (cisco-sa-20180926-cmp) CVE-2018-0475 05 Oct 2018 7.4 (v3) High Pass Apache Struts 2.x < 2.2.3 Multiple XSS (S2-006) CVE-2011-1772 10 Sep 2018 4.3 (v3) Medium Pass Apache Struts 2.0.x < 2.2.1 Security Bypass Vulnerability (S2-003) 10 Sep 2018 9.8 (v3) Critical Pass Apache Struts 2.x < 2.3.15.3 Broken Access Control Vulnerability (S2-018) CVE-2013-4310 10 Sep 2018 6.5 (v3) Medium Pass Apache Struts 2.x < 2.3.16.2 Multiple Vulnerabilities (S2-020) CVE-2014-0050 CVE-2014-0094 10 Sep 2018 7.3 (v3) High Pass Apache Struts 2.x < 2.3.15.2 Dynamic Method Invocation Multiple Vulnerabilities (S2-019) CVE-2013-4316 11 Sep 2018 9.8 (v3) Critical Pass Apache Struts 2.x < 2.3.1.2 RCE (S2-009) CVE-2011-3923 11 Sep 2018 9.8 (v3) Critical Pass Apache Struts 2.x < 2.3.20 Multiple ClassLoader Manipulation Vulnerabilities (S2-021) CVE-2014-0112 CVE-2014-0113 12 Sep 2018 7.3 (v3) High Pass Cisco IOS Software IPv6 Hop-by-Hop DoS Vulnerability (cisco-sa-20180926-ipv6hbh) CVE-2018-0467 05 Oct 2018 8.6 (v3) High Pass Cisco IOS Software OSPFv3 DoS Vulnerability (cisco-sa-20180926-ospfv3-dos) CVE-2018-0466 05 Oct 2018 6.5 (v3) Medium Pass Apache Tomcat 9.0.0.M1 < 9.0.8 Denial of Service Vulnerability CVE-2018-1336 27 Feb 2019 7.5 (v3) High Pass Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod Multi-Site TCP DoS (cisco-sa-n9kaci-tcp-dos-YXukt6gM)CVE-2021-1586 21 Feb 2022 8.6 (v3) High Pass F5 BIG-IP RCE (CVE-2022-1388) CVE-2022-1388 09 May 2022 9.8 (v3) Critical Pass Oracle Business Intelligence Publisher Multiple Vulnerabilities (October 2018 CPU) CVE-2017-5645 CVE-2018-3204 CVE-2018-8013 03 Jan 2019 9.8 (v3) Critical Pass nginx <= 1.3.13 Insecure Log Permissions CVE-2013-0337 05 Mar 2019 7.3 (v3) High Pass Atlassian JIRA < 7.6.7 / 7.7.x < 7.11.0 Information Disclosure CVE-2017-18104 05 Mar 2019 5.9 (v3) Medium Pass Atlassian JIRA < 7.5.3 Cross-Site Scripting CVE-2017-16863 05 Mar 2019 6.1 (v3) Medium Pass Atlassian JIRA < 7.6.1 Multiple Vulnerabilities CVE-2017-16865 CVE-2017-18097 CVE-2017-18098 05 Mar 2019 6.1 (v3) Medium Pass Atlassian JIRA < 7.6.2 Cross-Site Request Forgery CVE-2017-16862 05 Mar 2019 4.3 (v3) Medium Pass Atlassian JIRA < 7.6.5 / 7.7.x < 7.7.3 / 7.8.x < 7.8.3 Limited Authentication Bypass CVE-2017-18101 05 Mar 2019 6.5 (v3) Medium Pass Palo Alto Networks < 7.1.23 / 8.0.x < 8.0.16 / 8.1.x < 8.1.7 Integer Overﬂow Vulnerability (PAN-SA-2019-0006)CVE-2018-14634 25 Mar 2019 7.8 (v3) High Pass Cisco IOS Software Hot Standby Router Protocol Information Leak Vulnerability CVE-2019-1761 05 Apr 2019 4.3 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.16 / 9.0.0.x < 9.0.0.11 Admin Console Denial of Service (DoS) VCVE-2019-4080 ulnerability (CVE-2019-4080) 12 Apr 2019 6.5 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.16 / 9.0.0.x < 9.0.0.11 Information DisclosurCVE-2018-1996 e Vulnerability (CVE-2018-1996) 12 Apr 2019 5.3 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.16 / 9.0.0.x < 9.0.0.11 / Liberty < 19.0.0.4 Request Header Denial of Service (DoS) VCVE-2019-4046 ulnerability (CVE-2019-4046) 12 Apr 2019 7.5 (v3) High Pass Tenable Nessus < 8.1.1 Multiple Vulnerabilities (TNS-2018-16) CVE-2018-0734 CVE-2018-5407 02 Jan 2019 5.9 (v3) Medium Pass 3S CODESYS Runtime 3.x < 3.5.14.0 Insuﬃcient Access Control Vulnerability CVE-2018-10612 CVE-2018-20025 CVE-2018-20026 03 Jan 2019 9.8 (v3) Critical Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 Form Login SpooCVE-2018-1695ﬁng Vulnerability (CVE-2018-1695) 03 May 2019 5.6 (v3) Medium Pass Juniper JSA10936 CVE-2019-0044 10 May 2019 7.5 (v3) High Pass Atlassian JIRA Server-Side Request Forgery (SSRF) Vulnerability (JRASERVER-68527) CVE-2018-13404 10 May 2019 4.1 (v3) Medium Pass Atlassian JIRA Cross-Site Scripting (XSS) Vulnerability (JRASERVER-68614) CVE-2018-20232 10 May 2019 5.4 (v3) Medium Pass IBM Spectrum Protect Client 7.1.x < 7.1.8.4 / 8.1.x < 8.1.6.1 Denial of Service Vulnerability (CVE-2018-1786)CVE-2018-1786 03 Jan 2019 7.5 (v3) High Pass IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.9 TLS Downgrade Vulnerability (CVE-2018-1719)CVE-2018-1719 30 May 2019 5.9 (v3) Medium Pass IBM WebSphere Application Server Virtual Enterprise 7.0.x / Network Deployment 8.5.x < 8.5.5.16 / Network Deployment 9.0.0.x <= 9.0.0.11 Remote Code Execution VCVE-2019-4279 ulnerability (CVE-2019-4279) 31 May 2019 9.8 (v3) Critical Pass Juniper JSA10889 CVE-2018-0055 07 Jun 2019 5.3 (v3) Medium Pass Apache Tomcat 9.0.0.M1 < 9.0.16 DoS CVE-2019-0199 27 Jun 2019 7.5 (v3) High Pass MySQL 5.6.x < 5.6.45 Multiple Vulnerabilities (Jul 2019 CPU) CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 CVE-2019-2819 CVE-2019-2969 18 Jul 2019 6.2 (v3) Medium Pass Cisco Uniﬁed Communications Manager Session Initiation Protocol Denial of Service Vulnerability CVE-2019-1887 12 Jul 2019 7.5 (v3) High Pass Cisco IOS Software Network Plug-and-Play Agent Certiﬁcate Validation Vulnerability CVE-2019-1748 26 Jul 2019 7.4 (v3) High Pass Cisco IOS Software Information Disclosure Vulnerability (cisco-sa-20190327-info) CVE-2019-1762 29 Jul 2019 4.4 (v3) Medium Pass Atlassian JIRA worklog Information Disclosure CVE-2019-8445 29 Aug 2019 5.3 (v3) Medium Pass Atlassian JIRA < 7.13.4 / 8.0.x < 8.1.0 Epic Name DoS (SB19-182) CVE-2019-11583 29 Aug 2019 6.5 (v3) Medium Pass Atlassian JIRA Authentication Bypass Vulnerability (JRASERVER-69239) CVE-2018-20826 03 Sep 2019 4.3 (v3) Medium Pass Atlassian JIRA Information Disclosure Vulnerability (JRASERVER-69797) CVE-2019-8448 03 Sep 2019 5.3 (v3) Medium Pass IBM WebSphere Application Server 7.0.x / 8.0.0.x / 8.5.x < 8.5.5.17 / 9.0.0.x < 9.0.5.2 Information DisclosurCVE-2019-4477e (CVE-2019-4477) 20 Sep 2019 6.5 (v3) Medium Pass Atlassian JIRA 7.7.x < 7.13.1 XSS vulnerability (JRASERVER-69238) CVE-2018-20824 25 Sep 2019 6.1 (v3) Medium Pass Cisco Uniﬁed Communications Manager Cross-Site Scripting (XSS) Vulnerability CVE-2019-12715 25 Oct 2019 6.1 (v3) Medium Pass Cisco IOS Denial of Service Vulnerability (cisco-sa-20190925-sip-dos) CVE-2019-12654 08 Oct 2019 7.5 (v3) High Pass Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability (cisco-sa-20190925-ios-gos-auth)CVE-2019-12648 08 Oct 2019 8.8 (v3) High Pass Cisco IOS ISDN Interface Denial of Service Vulnerability CVE-2019-1752 11 Oct 2019 7.5 (v3) High Pass Cisco Uniﬁed Communications Manager Cross-Site Scripting (XSS) Vulnerability CVE-2019-12716 11 Oct 2019 6.1 (v3) Medium Pass Cisco IOS XR gRPC Software Denial of Service Vulnerability CVE-2019-12647 18 Oct 2019 7.5 (v3) High Pass Cisco Wireless LAN Controller Secure Shell (SSH) Denial of Service Vulnerability (cisco-sa-20191016-wlc-ssh-dos)CVE-2019-15262 25 Oct 2019 7.5 (v3) High Pass MySQL 5.6.x < 5.6.46 Multiple Vulnerabilities (Oct 2019 CPU) CVE-2019-2910 CVE-2019-2911 CVE-2019-2922 CVE-2019-2923 CVE-2019-2924 CVE-2019-2974 18 Oct 2019 5.3 (v3) Medium Pass Cisco IOS Software IP Service Level Agreement Denial of Service Vulnerability CVE-2019-1737 21 Oct 2019 8.6 (v3) High Pass Atlassian Jira 7.6.x < 7.6.13, 7.7.0 < 7.13.3, 8.x < 8.1.1 Information Disclosure Vulnerability CVE-2019-3401 25 Oct 2019 5.3 (v3) Medium Pass Atlassian Jira 7.13.x < 7.13.3 / 8.0.x < 8.0.4 / 8.1.x < 8.1.1 Information Disclosure Vulnerability CVE-2019-3403 25 Oct 2019 5.3 (v3) Medium Pass Oracle Business Intelligence Publisher Multiple Vulnerabilities (April 2016 CPU) CVE-2014-3576 CVE-2016-0468 CVE-2016-0479 25 Oct 2019 6.1 (v3) Medium Pass Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jul 2016 CPU) CVE-2016-3432 CVE-2016-3433 CVE-2016-3446 CVE-2016-3474 CVE-2016-3544 25 Oct 2019 8.3 (v3) High Pass Cisco Uniﬁed Communications Manager SQLi (cisco-sa-20191002-cuc-inject) CVE-2019-12710 30 Oct 2019 4.9 (v3) Medium Pass Junos OS: Clear Text Authentication Credentials (JSA10969) CVE-2019-0069 01 Nov 2019 5.5 (v3) Medium Pass Juniper JSA10956 CVE-2019-0058 01 Nov 2019 7.8 (v3) High Pass Cisco Uniﬁed Communications Manager XSS (cisco-sa-20191002-cuc-xss) CVE-2019-12707 31 Oct 2019 6.1 (v3) Medium Pass Atlassian Jira 7.13.x < 7.13.4, 8.x < 8.2.2 CSRF vulnerability (JRASERVER-69858) CVE-2019-14999 05 Nov 2019 4.3 (v3) Medium Pass Cisco IOS IP Detail Record DoS (cisco-sa-20160928-ipdr) CVE-2016-6379 12 Nov 2019 7.5 (v3) High Pass Cisco Uniﬁed Communications Manager Cross-Site Request Forgery (XSRF) Vulnerability (cisco-sa-20191002-cucm-csrf)CVE-2019-1915 07 Nov 2019 6.5 (v3) Medium Pass Cisco IOS H.323 Message Validation DoS (cisco-sa-20160928-h323) CVE-2016-6384 12 Nov 2019 7.5 (v3) High Pass Cisco IOS Smart Install Memory Leak (cisco-sa-20160928-smi) CVE-2016-6385 12 Nov 2019 7.5 (v3) High Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1735) CVE-2019-1735 13 Nov 2019 7.8 (v3) High Pass Cisco NX-OS Software Multiple Vulnerabilities (cisco-sa-20190515-nxos-cmdinj-1774-1775) CVE-2019-1774 CVE-2019-1775 13 Nov 2019 6.7 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1770) CVE-2019-1770 14 Nov 2019 6.7 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1790) CVE-2019-1790 14 Nov 2019 6.7 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1783) CVE-2019-1783 14 Nov 2019 6.7 (v3) Medium Pass Cisco IOS Autonomic Control Plane Channel Information Disclosure (cisco-sa-20170726-aniacp) CVE-2017-6665 18 Nov 2019 6.5 (v3) Medium Pass Cisco IOS AAA Login DoS (cisco-sa-20160928-aaados) CVE-2016-6393 21 Nov 2019 7.5 (v3) High Pass Cisco NX-OS Software NX-API Denial of Service Vulnerability CVE-2020-3170 05 Mar 2020 5.3 (v3) Medium Pass Cisco IOS Autonomic Networking Infrastructure DoS (cisco-sa-20170726-anidos) CVE-2017-6663 22 Nov 2019 6.5 (v3) Medium Pass Cisco IOS Software Smart Install DoS (cisco-sa-20180328-smi) CVE-2018-0156 27 Nov 2019 7.5 (v3) High Pass Cisco IOS Software Internet Key Exchange Memory Leak (cisco-sa-20180328-ike) CVE-2018-0158 27 Nov 2019 8.6 (v3) High Pass Cisco IOS Software Secure Shell Connection on VRF (cisco-sa-20190109-ios-ssh-vrf) CVE-2018-0484 06 Dec 2019 6.5 (v3) Medium Pass Cisco NX-OS Software OSPF LSA Manipulation (cisco-sa-20170727-ospf) CVE-2017-6770 27 Nov 2019 4.2 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1795) CVE-2019-1795 04 Dec 2019 6.7 (v3) Medium Pass Cisco NX-OS Software Command Injection (cisco-sa-20190306-nxos-cmdinj-1611) CVE-2019-1611 04 Dec 2019 6.7 (v3) Medium Pass Junos OS: processing of speciﬁc transit IP packets in ﬂowd, leading to Denial of Service (JSA10959) CVE-2019-0060 16 Dec 2019 7.5 (v3) High Pass IBM WebSphere Application Server 7.0.x / 8.0.0.x / 8.5.x < 8.5.5.17 / 9.0.0.x < 9.0.5.2 Directory Traversal VCVE-2019-4442ulnerability 06 Dec 2019 4.3 (v3) Medium Pass Cisco IOS Software Software Plug and Play Agent Memory Leak(cisco-sa-20180926-pnp-memleak) CVE-2018-15377 13 Dec 2019 8.6 (v3) High Pass nginx < 1.17.7 Information Disclosure CVE-2019-20372 05 Mar 2020 5.3 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.2 / Liberty < 19.0.0.11 Information DisclosurCVE-2019-4441 e (CVE-2019-4441) 16 Dec 2019 5.3 (v3) Medium Pass Cisco NX-OS Software Privilege Escalation Vulnerability CVE-2019-1602 18 Dec 2019 7.8 (v3) High Pass Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability CVE-2020-3175 05 Mar 2020 8.6 (v3) High Pass Cisco NX-OS Software CLI Command Injection Vulnerability (Cisco-Sa-20190306-Nxos-Cmdinj-1609) CVE-2019-1609 27 Dec 2019 6.7 (v3) Medium Pass IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Information Disclosure (CVE-2018-1614)CVE-2018-1614 28 Jan 2020 7.5 (v3) High Pass SSL/TLS Deprecated Ciphers Unsupported 06 Jan 2020 None Pass SSLv2-Only Open Ports Unsupported 06 Jan 2020 None Pass Cisco Data Center Network Manager < 11.3(1) Multiple Vulnerabilities CVE-2019-15975 CVE-2019-15976 CVE-2019-15977 CVE-2019-15978 CVE-2019-15979 CVE-2019-15980 CVE-2019-15981 CVE-2019-15982 CVE-2019-15983 CVE-2019-15984 CVE-2019-15985 CVE-2019-1599909 Jan 2020 9.8 (v3) Critical Pass Cisco IOS Software NAT64 Denial of Service Vulnerability CVE-2019-1751 09 Jan 2020 7.5 (v3) High Pass MySQL 5.6.x < 5.6.47 Multiple Vulnerabilities (Jan 2020 CPU) CVE-2019-1547 CVE-2020-2574 CVE-2020-2579 16 Jan 2020 4.7 (v3) Medium 41

RELAYTO Penetration Test Results - Page 41

RELAYTO Penetration Test Results Page 40 Page 42