RELAYTO Penetration Test Results (92/101)

Pass Cisco IOS XR Software Memory Exhaustion Vulnerability (cisco-sa-20131002-iosxr) CVE-2013-5503 14 Dec 2013 7.8 (v2) High Pass McAfee Vulnerability Manager Detect 29 Mar 2013 None Pass Elasticsearch Detection (deprecated) 03 Dec 2018 None None Pass Logstash JSON API Detection (deprecated) 03 Dec 2018 None None Pass Ansible AWX WebUI Detection 04 Feb 2019 None Pass Cisco IOS XR ICMPv6 Redirect Denial of Service CVE-2014-2144 09 Apr 2014 6.1 (v2) Medium Pass Alt-N MDaemon Detection 28 May 2013 None Pass Junos OS: Multiple vulnerabilities in libxml2 (JSA10902) CVE-2019-0003 15 Feb 2019 5.9 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (April 2014 CPU) CVE-2014-2406 CVE-2014-2408 16 Apr 2014 8.5 (v2) High Pass Microsoft SQL Server Unsupported Version Detection (remote check) 29 Apr 2014 10 (v3) Critical Pass Apache Struts 2 CookieInterceptor Unspeciﬁed Security Bypass (S2-022) CVE-2014-0116 09 May 2014 6.5 (v3) Medium Pass Cisco IOS XR OSPFv3 DoS (CSCuj82176) CVE-2013-5565 28 Jul 2014 4.3 (v2) Medium Pass Cisco IOS XR DHCPv6 Multiple DoS Vulnerabilities CVE-2014-3270 CVE-2014-3271 01 Aug 2014 5 (v2) Medium Pass Cisco IOS XR DHCPv6 DoS CVE-2014-3343 26 Nov 2014 4.3 (v2) Medium Pass Cisco IOS XR Malformed RSVP Packet DoS CVE-2014-3376 28 Nov 2014 5 (v2) Medium Pass Tenable SecurityCenter Multiple DoS (TNS-2014-11) CVE-2014-3513 CVE-2014-3567 30 Dec 2014 7.5 (v3) High Pass Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025) CVE-2014-7809 CVE-2015-5169 10 Dec 2014 7.3 (v3) High Pass Cisco IOS XR Multiple ntpd Vulnerabilities CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 18 Mar 2015 7.5 (v2) High Pass Apache Tomcat 6.0.x < 6.0.42 Handling Request Smuggling DoS CVE-2014-0227 01 Mar 2015 4.8 (v3) Medium Pass Apache Struts 2.3.20 Incorrect Default Exclude Pattern (S2-024) CVE-2015-1831 15 May 2015 7.3 (v3) High Pass Cisco IOS XR NCS 6000 Multiple ntpd Vulnerabilities CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 18 Mar 2015 7.5 (v2) High Pass Cisco IOS XR DHCPv4 Message Saturation DoS CVE-2015-0672 31 Mar 2015 5 (v2) Medium Pass Cisco IOS Software TCP Memory Leak DoS (cisco-sa-20150325-tcpleak) CVE-2015-0646 03 Apr 2015 7.5 (v3) High Pass Cisco IOS Autonomic Networking Infrastructure Multiple Vulnerabilities (cisco-sa-20150325-ani) CVE-2015-0635 CVE-2015-0636 CVE-2015-0637 06 Apr 2015 9 (v2) High Pass Oracle Database Multiple Vulnerabilities (April 2015 CPU) CVE-2015-0455 CVE-2015-0457 CVE-2015-0479 CVE-2015-0483 20 Apr 2015 9 (v2) High Pass Cisco ANI Conﬁguration Overwrite DoS (CSCup62167) CVE-2015-0669 22 May 2015 6.4 (v2) Medium Pass Cisco IOS XR Software Crafted IPv6 Packet DoS (cisco-sa-20150611-iosxr) CVE-2015-0769 19 Jun 2015 7.8 (v2) High Pass Tenable SecurityCenter < 5.0.1 Multiple RCE (TNS-2015-10) CVE-2015-4149 CVE-2015-4150 03 Aug 2015 8.8 (v3) High Pass Tenable SecurityCenter Alternative Certiﬁcate Validation Bypass Vulnerability (TNS-2015-08) CVE-2015-1793 20 Aug 2015 6.5 (v3) Medium Pass Atlassian Jira < 8.5.5 / 8.6.x < 8.8.2 / 8.9.x < 8.9.1 Multiple Cross-Site Scripting (XSS) CVE-2020-4022 CVE-2020-4024 CVE-2020-4025 22 Jul 2020 6.1 (v3) Medium Pass Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06) CVE-2006-7243 CVE-2015-2325 CVE-2015-2326 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 20 Aug 2015 9.8 (v3) Critical Pass Cisco IOS SSHv2 RSA-Based User Authentication Bypass (CSCus73013) CVE-2015-6280 02 Oct 2015 9.3 (v2) High Pass Oracle Database Multiple Vulnerabilities (October 2015 CPU) CVE-2015-4794 CVE-2015-4796 CVE-2015-4857 CVE-2015-4863 CVE-2015-4873 CVE-2015-4888 CVE-2015-4900 23 Oct 2015 10 (v2) Critical Pass Cisco IOS XR OSPF Link State Advertisement PCE DoS (cisco-sa-20160104-iosxr) CVE-2015-6432 08 Jan 2016 7.5 (v3) High Pass Tenable SecurityCenter OpenSSL ASN.1 Signature Veriﬁcation Routine DoS (TNS-2016-01) CVE-2015-3194 17 Feb 2016 7.5 (v3) High Pass Tenable SecurityCenter PHP Character Handling (TNS-2015-09) 29 Feb 2016 9.8 (v3) Critical Pass Cisco IOS XR OpenSSL Security Bypass (CSCup22654) CVE-2014-0224 26 Feb 2016 5.8 (v2) Medium Pass Tenable SecurityCenter 5.0.2 Audit File XSS (TNS-2015-12) CVE-2015-8503 16 Mar 2016 4.1 (v3) Medium Pass Tenable SecurityCenter 5.2.x / 5.3.x < 5.3.1 Multiple Vulnerabilities (TNS-2016-07) CVE-2016-82008 CVE-2016-82009 CVE-2016-82010 CVE-2016-82011 12 Apr 2016 4.7 (v3) Medium Pass Cisco IOS XR GSR 12000 Port Range BFD DoS (cisco-sa-20160311-gsr) CVE-2016-1361 14 Apr 2016 5.3 (v3) Medium Pass Cisco IOS NTP Subsystem Unauthorized Access (cisco-sa-20160419-ios) CVE-2016-1384 03 May 2016 7.5 (v3) High Pass Cisco IOS XR OpenSSH Module SSH Login Channel Identiﬁer DoS CVE-2015-4193 17 May 2016 4 (v2) Medium Pass Atlassian Jira 7.13.x < 8.3.0 XSS (JRASERVER-70856) CVE-2019-20416 22 Jul 2020 4.8 (v3) Medium Pass Cisco IOS XR < 6.1.1 on ASR 9000 LPTS DoS CVE-2016-1407 25 May 2016 7.5 (v3) High Pass Cisco IOS LLDP Packet Handling Remote DoS (cisco-sa-20160616-ios) CVE-2016-1424 22 Jun 2016 6.5 (v3) Medium Pass Cisco IOS XR 6.0.1.x and 6.0.2.x < 6.0.2.7 / 6.1.x < 6.1.1.17 Command Input Handling Privilege EscalationCVE-2016-1456 12 Aug 2016 7.8 (v3) High Pass Cisco IOS XR 5.1.x < 5.1.3 / 5.2.x < 5.2.4 / 5.3.x < 5.3.2 Fragmented Packet DoS (cisco-sa-20160810-iosxr)CVE-2016-6355 19 Aug 2016 7.5 (v3) High Pass Cisco IOS Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp) CVE-2016-1459 26 Aug 2016 5.3 (v3) Medium Pass Cisco IOS NTP Packet Handling Remote DoS (cisco-sa-20160804-wedge) CVE-2016-1478 29 Aug 2016 7.5 (v3) High Pass Tenable SecurityCenter < 5.3.0 Multiple Vulnerabilities (TNS-2016-04) CVE-2015-8383 CVE-2015-8386 CVE-2015-8387 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8393 CVE-2015-8394 06 Sep 2016 4.3 (v3) Medium Pass Cisco IOS Software Wide Area Application Services Express DoS CVE-2016-1347 16 Sep 2016 7.5 (v3) High Pass Cisco IOS XR NCS 6000 Packet Timer Leak DoS (cisco-sa-20160713-ncs6k) CVE-2016-1426 16 Sep 2016 7.5 (v3) High Pass Cisco IOS XR IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERCVE-2016-6415TAIN) 27 Sep 2016 7.5 (v3) High Pass Apache Struts 2.3.1 < 2.3.31 / 2.5.x < 2.5.5 Convention Plugin Path Traversal RCE (S2-042) CVE-2016-6795 27 Oct 2016 9.8 (v3) Critical Pass Atlassian Jira 7.13.x < 7.13.3 / 8.x < 8.1.0 CSRF via Logging and Proﬁling Feature (JRASERVER-70849) CVE-2019-20415 22 Jul 2020 4.3 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (January 2017 CPU) CVE-2017-3240 CVE-2017-3310 18 Jan 2017 9 (v3) Critical Pass Tenable SecurityCenter 5.4.x <= 5.4.3 PHP Object Deserialization Remote File Deletion (TNS-2017-05) 07 Mar 2017 4.3 (v3) Medium Pass Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) CVE-2016-0736 CVE-2016-2161 CVE-2016-5387 CVE-2016-7055 CVE-2016-8740 CVE-2016-8743 CVE-2016-9594 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10167 CVE-2016-1000102 CVE-2016-1000104 CVE-2017-3731 CVE-2017-373214 Mar 2017 6.5 (v3) Medium Pass Cisco IOS ANI Registrar DoS (cisco-sa-20170320-ani) CVE-2017-3849 24 Mar 2017 7.4 (v3) High Pass Cisco IOS ANI IPv6 Packets DoS (cisco-sa-20170320-aniipv6) CVE-2017-3850 24 Mar 2017 5.9 (v3) Medium Pass Apache Tomcat 7.0.x < 7.0.105 WebSocket DoS CVE-2020-13935 23 Jul 2020 7.5 (v3) High Pass Oracle GlassFish Server Unspeciﬁed Vulnerability (January 2015 CPU) CVE-2015-0396 23 Jan 2015 7.5 (v2) High Pass Apache Traﬃc Server Unsupported 22 Jan 2015 10 (v3) Critical Pass TYPO3 9.x < 9.5.6 Information Disclosure 23 Jul 2020 4.8 (v3) Medium Pass Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK) CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-029319 May 2015 7.3 (v3) High Pass HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager RCE CVE-2013-4841 10 Apr 2014 10 (v2) Critical Pass Azure CycleCloud Web UI Detection 13 Aug 2021 None Pass ServletExec 4.1 ISAPI com.newatlanta.servletexec.JSP10Servlet Path Disclosure CVE-2002-0892 22 May 2002 5 (v2) Medium Pass HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam) CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-3143 CVE-2015-3145 CVE-2015-3148 CVE-2015-4000 CVE-2015-4024 CVE-2016-1993 CVE-2016-1994 CVE-2016-1995 CVE-2016-199624 Mar 2016 9.8 (v3) Critical Pass Samba MS-DOS Path Request Arbitrary File Retrieval CVE-2004-0815 30 Sep 2004 6.5 (v2) Medium Pass Atlassian Jira < 8.5.5 / 8.6.x < 8.7.2 / 8.8.x < 8.8.1 Improper authorization CVE-2020-4029 23 Jul 2020 4.3 (v3) Medium Pass Web Server Directory Enumeration 26 Jun 2002 None Pass Cisco Wireless LAN Controller (WLC) Version 25 Sep 2013 None Pass Jenkins ( < 2.235.2 LTS / < 2.245 Weekly) Multiple Stored XSS (Jenkins Security Advisory 2020-07-15) CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 24 Jul 2020 5.4 (v3) Medium Pass SSL/TLS Service Requires Client Certiﬁcate 19 May 2016 None Pass TYPO3 8.x < 8.7.23 / 9.x < 9.5.4 Multiple Vulnerabilities CVE-2018-14041 24 Jul 2020 6.1 (v3) Medium Pass Juniper JSA10879 CVE-2018-0045 23 Jul 2019 8.8 (v3) High Pass BMC Server Automation RSCD Agent Weak ACL XML-RPC Arbitrary Command Execution 10 May 2016 10 (v2) Critical Pass ArubaOS Detection 16 Oct 2014 None Pass IBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE) CVE-2013-5704 CVE-2014-0076 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3021 CVE-2014-3070 CVE-2014-3083 CVE-2014-3566 CVE-2014-4764 CVE-2014-4770 CVE-2014-4816 CVE-2014-6166 CVE-2014-6167 CVE-2014-617418 Feb 2015 6.8 (v2) Medium Pass Cisco NX-OS GNU C Library (glibc) Buﬀer Overﬂow (GHOST) CVE-2015-0235 19 Jul 2016 8.1 (v3) High Noise TLS Version 1.3 Protocol Detection 09 Jul 2020 None Pass Database Authentication Failure(s) for Provided Credentials 24 Jun 2016 None Pass MySQL Server Login Possible 24 Jun 2016 None Pass Oracle Primavera Gateway (Oct 2020 CPU) CVE-2019-17495 22 Oct 2020 9.8 (v3) Critical Pass Atlassian Jira < 7.13.9 / 8.0.x < 8.4.2 Multiple Vulnerabilities CVE-2019-20411 CVE-2019-20413 28 Jul 2020 4.3 (v3) Medium Pass PHP < 7.3.28 Email Header Injection 26 Aug 2021 5.3 (v3) Medium Pass HP LaserJet Printers Remote Unauthorized Access, DoS (HPSBPI03147) CVE-2014-7875 05 Nov 2014 9 (v2) High Pass Atlassian Jira < 7.6.17 / 7.7.x < 7.13.9 / 8.0.x < 8.4.2 Information Disclosure CVE-2019-20410 29 Jul 2020 6.5 (v3) Medium Pass POP Password Changer (poppassd_pam) Arbitrary User Remote Password Modiﬁcation 12 Jan 2005 7.5 (v2) High Pass Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2m Multiple Vulnerabilities CVE-2017-3735 CVE-2017-3736 16 Nov 2017 5.3 (v3) Medium Pass Xerox WorkCentre Command Injection (XRX11-001) 08 Feb 2011 10 (v2) Critical Pass Internet Gateway Device WAN Interface UPnP Access 19 Feb 2009 6.5 (v3) Medium Pass Veritas Cluster Management Console Detection 02 Mar 2011 None Pass SMTP Service STARTTLS Plaintext Command Injection CVE-2011-0411 CVE-2011-1430 CVE-2011-1431 CVE-2011-1432 CVE-2011-1506 CVE-2011-2165 10 Mar 2011 4 (v2) Medium Pass HP StorageWorks File Migration Agent Detection 14 Mar 2011 None Pass Wake-on-LAN 10 Mar 2011 None Pass Sybase M-Business Anywhere (AvantGo) Sync Server Detection 23 May 2011 None Pass Unprotected memcached 11 Mar 2011 5 (v2) Medium Pass Tenable SecurityCenter PHP < 5.6.32 PCRE DoS CVE-2016-1283 16 Nov 2017 9.8 (v3) Critical Pass Juniper Junos SIP DoS (PSN-2013-04-911) 20 May 2013 7.1 (v2) High Pass Sun Java System Directory Server bind-dn Remote Privilege Escalation CVE-2008-1995 01 May 2008 6.5 (v2) Medium Pass Cisco Web Security Appliance (WSA) Server Name Identiﬁcation Data Exﬁltration (cisco-sa-sni-data-exﬁl-mFgzXqLN)CVE-2021-34749 25 Aug 2021 8.6 (v3) High Pass Script Src Integrity Check 20 Dec 2018 7.1 (v3) High Pass Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX276688) (Direct Check) CVE-2020-8193 30 Jul 2020 6.5 (v3) Medium Pass NETGEAR Hard-coded Telnet Unlock Credentials 05 Mar 2014 8.3 (v2) High Pass 3Com Switch Default Admin Credentials 25 Mar 2014 10 (v2) Critical Pass Quantum vmPRO Default Credentials Check 24 Mar 2014 10 (v2) Critical Pass OpenSSH < 3.0.1 Multiple Flaws CVE-2001-1507 20 Nov 2001 6.8 (v2) Medium Pass Stuxnet Worm Detection (uncredentialed check) 18 Nov 2010 10 (v2) Critical Pass 3Com Web Management Interface Default Credentials 25 Mar 2014 10 (v2) Critical Pass Novell GroupWise WebAccess Accessible 23 Nov 2010 5 (v2) Medium 92

RELAYTO Penetration Test Results - Page 92

RELAYTO Penetration Test Results Page 91 Page 93