Pass Oracle E-Business Multiple Vulnerabilities (July 2015 CPU) CVE-2014-3571 CVE-2015-1926 CVE-2015-2610 CVE-2015-2615 CVE-2015-2618 CVE-2015-2630 CVE-2015-2645 CVE-2015-2652 CVE-2015-4728 CVE-2015-4739 CVE-2015-4741 CVE-2015-4743 CVE-2015-476515 Jul 2015 5.5 (v2) Medium Pass Oracle E-Business Multiple Vulnerabilities (October 2015 CPU) CVE-2015-4762 CVE-2015-4798 CVE-2015-4839 CVE-2015-4845 CVE-2015-4846 CVE-2015-4849 CVE-2015-4851 CVE-2015-4854 CVE-2015-4865 CVE-2015-4884 CVE-2015-4886 CVE-2015-489821 Oct 2015 10 (v2) Critical Pass Oracle E-Business Multiple Vulnerabilities (October 2016 CPU) CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-5489 CVE-2016-5517 CVE-2016-5532 CVE-2016-5557 CVE-2016-5562 CVE-2016-5567 CVE-2016-5570 CVE-2016-5571 CVE-2016-5575 CVE-2016-5581 CVE-2016-5583 CVE-2016-5585 CVE-2016-5586 CVE-2016-5587 CVE-2016-5589 CVE-2016-5591 CVE-2016-5592 CVE-2016-5593 CVE-2016-5595 CVE-2016-559620 Oct 2016 8.2 (v3) High Pass Oracle E-Business Multiple Vulnerabilities (July 2018 CPU) CVE-2018-2934 CVE-2018-2953 CVE-2018-2988 CVE-2018-2991 CVE-2018-2993 CVE-2018-2994 CVE-2018-2995 CVE-2018-2996 CVE-2018-2997 CVE-2018-3008 CVE-2018-3012 CVE-2018-3017 CVE-2018-301820 Jul 2018 8.2 (v3) High Pass Oracle E-Business Multiple Vulnerabilities (Jan 2019 CPU) CVE-2019-2396 CVE-2019-2400 CVE-2019-2440 CVE-2019-2445 CVE-2019-2447 CVE-2019-2453 CVE-2019-2470 CVE-2019-2485 CVE-2019-2488 CVE-2019-2489 CVE-2019-2491 CVE-2019-2492 CVE-2019-2496 CVE-2019-2497 CVE-2019-2498 CVE-2019-254618 Jan 2019 9.1 (v3) Critical Pass DNP3 Outstation Unsolicited Messaging Support 11 Dec 2006 5 (v2) Medium Pass Juniper Junos OS Spoofing (JSA11240) CVE-2021-31375 25 Mar 2022 5.3 (v3) Medium Pass ArubaOS-CX < 10.04.2000 Memory Corruption (ARUBA-PSA-2020-009) CVE-2020-7122 01 Jun 2021 7.5 (v3) High Pass ArubaOS-CX < 10.04.3031 Memory Corruption (ARUBA-PSA-2020-009) CVE-2020-7121 01 Jun 2021 7.5 (v3) High Pass Sybase EAServer 6.3.1 < 6.3.1.07 Build 63107 / 6.2 < 6.2.0.12 Build 62012 Multiple Vulnerabilities 27 Jun 2013 10 (v2) Critical Pass Multiple Web Server Encoded Space (%20) Request ASP Source Disclosure CVE-2001-1248 CVE-2007-3407 14 Aug 2002 5.3 (v3) Medium Pass Cisco Email Security Appliance MP3 Content Filter Bypass (cisco-sa-20191120-esa-mp3-bypass) CVE-2019-15971 29 Jul 2020 4.3 (v3) Medium Pass Sybase EAServer XML External Entity (XXE) Arbitrary File Disclosure 31 Jul 2013 7.8 (v2) High Pass CA iTechnology iGateway Service Content-Length Buffer Overflow CVE-2005-3653 24 Jan 2006 10 (v2) Critical Pass Cisco UCS Director Authentication Bypass (cisco-sa-20190821-imcs-ucs-authby) CVE-2019-1937 26 Aug 2019 9.8 (v3) Critical Pass Adobe Connect < 11.0.5 XSS (ASPB20-69) CVE-2020-24442 CVE-2020-24443 12 Nov 2020 6.1 (v3) Medium Pass ManageEngine Desktop Central 10 < Build 100282 Remote Privilege Escalation CVE-2018-13411 CVE-2018-13412 21 Sep 2018 8.8 (v3) High Pass ManageEngine Desktop Central < 10 Build 10.0.533 Integer Overflow CVE-2020-15588 06 Aug 2020 9.8 (v3) Critical Pass ISC BIND Zone Update Vulnerability (cve-2020-8624) CVE-2020-8624 27 Aug 2020 4.3 (v3) Medium Pass ISC BIND 9.x < 9.11.22, 9.12.x < 9.16.6, 9.17.x < 9.17.4 DoS CVE-2020-8622 27 Aug 2020 6.5 (v3) Medium Pass Juniper Junos BGP DoS (JSA11024) CVE-2020-1640 10 Sep 2020 7.5 (v3) High Pass Cisco UCS Director Authentication Bypass (cisco-sa-20190821-imcs-ucs-authbypass) CVE-2019-1974 09 Jun 2020 9.8 (v3) Critical Pass Juniper Junos MX Series PFE Large Packet DoS (JSA11041) CVE-2020-1655 24 Jul 2020 5.3 (v3) Medium Pass Juniper Junos Denial of Service (DoS) JSA11030 CVE-2020-1643 17 Jul 2020 5.5 (v3) Medium Pass Juniper Junos RPD Crash DoS (JSA11032) CVE-2020-1644 24 Jul 2020 7.5 (v3) High Pass Juniper Junos Kernel Crash (vmcore) or FPC Crash (JSA11040) CVE-2020-1653 24 Jul 2020 7.5 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.19 / 8.0.x < 8.0.12 / 8.1.x < 8.1.3 Vulnerability CVE-2019-1579 19 Jul 2019 8.1 (v3) High Pass Cisco Email Security Appliance URL Filtering Bypass (cisco-sa-esa-url-bypass-zZtugtg3) CVE-2020-3568 09 Oct 2020 5.8 (v3) Medium Pass Juniper Junos MX/EX9200 Series: DDoS Vulnerability (JSA11062) CVE-2020-1665 23 Oct 2020 5.3 (v3) Medium Pass Juniper Junos SNMP DoS (JSA11080) CVE-2020-1683 23 Oct 2020 7.5 (v3) High Pass Juniper Junos NFX350 Series Readable Password Hashes Vulnerability (JSA11066) CVE-2020-1669 22 Oct 2020 6.3 (v3) Medium Pass Juniper Junos OS PTX/QFX Series: Unexpected Packet Forwarding Vulnerability (JSA11076) CVE-2020-1679 23 Oct 2020 7.5 (v3) High Pass Juniper Junos OS SRX Series: High CPU Load Utilization Vulnerability (JSA11081) CVE-2020-1684 23 Oct 2020 7.5 (v3) High Pass IBM MQ 8.0 < 8.0.0.15 / 8.1 < 8.1.0.5 HPE/ 9.1 < 9.1.0.5 LTS / 9.1 < 9.2 CD DoS CVE-2020-4376 02 Sep 2020 6.5 (v3) Medium Pass Juniper Junos OS Privilege Escalation (JSA11237) CVE-2021-31372 29 Mar 2022 8.8 (v3) High Pass Juniper Junos OS DoS (JSA11239) CVE-2021-31374 29 Mar 2022 7.5 (v3) High Pass Oracle Containers for J2EE Detection 21 May 2014 None Pass Juniper JSA11147 CVE-2021-0254 13 May 2021 9.8 (v3) Critical Pass Cisco TANDBERG MXP < 9.0 SNMP Packet Handling DoS 10 Sep 2013 7.8 (v2) High Pass Cisco Email Security Appliance Zip Content Filter Bypass (cisco-sa-esa-zip-bypass-gbU4gtTg) CVE-2020-26082 21 May 2021 5.8 (v3) Medium Pass Nagios Fusion < 4.1.9 Multiple Vulnerabilities CVE-2020-28900 CVE-2020-28901 CVE-2020-28902 CVE-2020-28903 CVE-2020-28904 CVE-2020-28905 CVE-2020-28906 CVE-2020-28907 CVE-2020-28908 CVE-2020-28909 CVE-2020-2891128 May 2021 9.8 (v3) Critical Pass Oracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32) CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6305 CVE-2016-6306 CVE-2016-6307 CVE-2016-6308 CVE-2016-6309 CVE-2016-7052 CVE-2017-3562 CVE-2017-10112 CVE-2017-10113 CVE-2017-10130 CVE-2017-10143 CVE-2017-10144 CVE-2017-10170 CVE-2017-10171 CVE-2017-10174 CVE-2017-10175 CVE-2017-10177 CVE-2017-10179 CVE-2017-10180 CVE-2017-10184 CVE-2017-10185 CVE-2017-10186 CVE-2017-10191 CVE-2017-10192 CVE-2017-10244 CVE-2017-10245 CVE-2017-1024620 Jul 2017 9.8 (v3) Critical Pass ArubaOS-Switch 16.08 < 16.08.0009 / 16.09 < 16.09.0007 / 16.10 < 16.10.0003 (ARUBA-PSA-2020-001) CVE-2019-5322 01 Jun 2021 7.5 (v3) High Pass ManageEngine SupportCenter Plus < 7.9 Build 7917 attach Parameter Directory Traversal 03 Feb 2014 7.7 (v3) High Pass CockroachDB 19.2 < 19.2.12 / 20.1 < 20.1.11 / 20.2 < 20.2.4 DoS (A58932) CVE-2021-3121 04 Apr 2022 8.6 (v3) High Pass Juniper Junos OS Blocking Unexpected Traffic (JSA11095) CVE-2021-0205 02 Jun 2021 5.8 (v3) Medium Pass Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-018) 27 Nov 2012 4.3 (v2) Medium Pass nginx ngx_http_proxy_module.c Memory Disclosure CVE-2013-2070 29 May 2013 6.5 (v3) Medium Pass Juniper Junos OS Privilege Escalation in J-Web (JSA11100) CVE-2021-0210 04 Feb 2021 6.8 (v3) Medium Pass Pivotal RabbitMQ Management Plugin 3.4.x / 3.5.x / 3.6.x < 3.6.9 Multiple Vulnerabilities CVE-2017-4965 CVE-2017-4966 CVE-2017-4967 19 May 2017 6.1 (v3) Medium Pass IBM WebSphere Application Server 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.19 / 9.0.0.0 <= 9.0.5.6 Directory TCVE-2021-20354raversal (CVE-2021-20354) 25 Feb 2021 7.5 (v3) High Pass Cisco Content Security Management Appliance Information Disclosure (cisco-sa-esa-sma-info-disclo-VOu2GHbZ)CVE-2021-1425 05 Mar 2021 4.3 (v3) Medium Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.13 / 9.0.x < 9.0.7 RCE CVE-2020-1990 16 Apr 2020 7.2 (v3) High Pass Cisco Email Security Appliance Information Disclosure (cisco-sa-esa-sma-info-disclo-VOu2GHbZ) (deprecated)CVE-2021-1425 05 Mar 2021 4.3 (v3) Medium Pass Artifactory Detect 12 Mar 2014 None Pass Cisco IOS XE Software Denial of Service (cisco-sa-ewlc-dos-AnvKvMxR) CVE-2020-3206 18 Jun 2020 4.7 (v3) Medium Pass OS Security Patch Assessment Checks Not Supported 26 Jun 2018 None Pass Trend Micro SafeSync for Enterprise (SSFE) Detection 05 Jun 2017 None Pass Kibana Detection 21 May 2018 None Pass ManageEngine SupportCenter Plus < 7.9 Build 7905 Multiple Vulnerabilities 03 May 2012 7.4 (v3) High Pass MacOS root Authentication Bypass Direct check over VNC Server (unauthenticated) 30 Nov 2017 9.8 (v3) Critical Pass CoDeSys Unauthenticated Command-line Access CVE-2012-6068 02 Nov 2012 9.8 (v3) Critical Pass nginx < 1.0.14 / 1.1.17 HTTP Header Response Memory Disclosure CVE-2012-1180 21 Mar 2012 5.3 (v3) Medium Pass Apache Druid Detection 30 Mar 2021 None Pass nginx HTTP Request Multiple Vulnerabilities CVE-2009-2629 CVE-2009-3896 24 Sep 2009 7.3 (v3) High Pass HP OfficeJet Printer Detection 02 Jun 2014 None Noise SYN Scanner 04 Feb 2009 None Pass Adobe Connect <11.2.2 Privilege Escalation (ASPB21-36) CVE-2021-28579 10 Jun 2021 4.3 (v3) Medium Pass Oracle Database Unsupported Version Detection 09 Aug 2011 10 (v2) Critical Pass DTLS Service Detection 14 Sep 2020 None Pass Adobe Experience Manager 6.3 < 6.4.8.4 / 6.5 < 6.5.8.0 Multiple Vulnerabilities (APSB21-15) CVE-2021-21083 CVE-2021-21084 12 May 2021 6.1 (v3) Medium Pass Citrix SD-WAN Center 10.2.x < 10.2.8 / 11.1.x < 11.1.2b / 11.2.x < 11.2.2 Multiple Vulnerabilities (CTX285061)CVE-2020-8271 CVE-2020-8272 CVE-2020-8273 13 Nov 2020 9.8 (v3) Critical Pass Apache Tomcat 10.0.0.M1 < 10.0.0.M6 vulnerability CVE-2020-11996 21 Jun 2021 7.5 (v3) High Pass VMware vCenter Server 6.5 / 6.7 Session Hijack (VMSA-2020-0023) CVE-2020-3994 24 Jun 2021 7.4 (v3) High Pass ArubaOS-Switch Multiple Vulnerabilities (ARUBA-PSA-2020-007) CVE-2019-5320 CVE-2019-5321 24 Jun 2021 8.8 (v3) High Pass Apache on Windows mod_alias URL Validation Canonicalization CGI Source Information Disclosure CVE-2006-4110 18 Nov 2011 5.6 (v3) Medium Pass Cisco IOS XE Software Web UI Privilege Escalation Vulnerability CVE-2017-12230 02 Oct 2017 8.8 (v3) High Pass Cisco IOS XE Software HTTP DoS Vulnerability (cisco-sa-20180926-webdos) CVE-2018-0470 05 Oct 2018 8.6 (v3) High Pass Cisco Application Services Engine Unauthorized Access Vulnerabilities (cisco-sa-case-mvuln-dYrDPC6w) CVE-2021-1393 CVE-2021-1396 28 Jun 2021 9.8 (v3) Critical Pass VMware Carbon Black App Control Web Console Detection 29 Jun 2021 None Pass Easy WP SMTP Plugin for WordPress < 1.4.4 Sensitive Information Disclosure 30 Jun 2021 7.4 (v3) High Pass IBM Spectrum Protect Plus OpenSSH Remote Command Injection CVE-2020-15778 30 Jun 2021 7.8 (v3) High Pass Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability CVE-2018-0151 29 Mar 2018 9.8 (v3) Critical Pass Cisco IOS XE Software Linux Kernel IP Fragment DoS (cisco-sa-20180824-linux-ip-fragment) CVE-2018-5391 29 Mar 2019 7.5 (v3) High Pass Cisco IOS XE Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities (cisco-sa-20180328-lldp)CVE-2018-0167 CVE-2018-0175 06 Apr 2018 8.8 (v3) High Pass Cisco IOS XE Software IP Fragment Reassembly DoS (cisco-sa-20160928-frag) CVE-2016-6386 14 Nov 2019 7.5 (v3) High Pass Tenable Nessus 8.x.x < 8.14.0 Privilege Escalation (TNS-2021-07) CVE-2021-20079 05 May 2021 6.7 (v3) Medium Pass ArubaOS-Switch Memory Corruption Vulnerability (ARUBA-PSA-2021-003) CVE-2020-27337 14 Jun 2021 7.3 (v3) High Pass ArubaOS-CX < 10.3.0001 (ARUBA-PSA-2020-010) CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 31 May 2021 7.5 (v3) High Pass Juniper Junos OS Vulnerability (JSA11119) CVE-2021-0224 15 Apr 2021 6.5 (v3) Medium Pass Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass (cisco-sa-mso-authbyp-bb5GmBQv)CVE-2021-1388 28 Jun 2021 10 (v3) Critical Pass Cisco IOS XE Software SD WAN Arbitrary Command Execution (cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3)CVE-2021-1432 06 Jul 2021 7.3 (v3) High Pass GitLab < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.9.2 Multiple Vulnerabilities CVE-2022-1099 CVE-2022-1120 CVE-2022-1121 CVE-2022-1157 18 Apr 2022 6.5 (v3) Medium Pass GitLab 12.2.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 Information Disclosure CVE-2022-1189 18 Apr 2022 4.3 (v3) Medium Pass GitLab 13.7.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 DoS CVE-2022-1174 18 Apr 2022 7.5 (v3) High Pass Netscape NSS Library SSLv2 Challenge Overflow CVE-2004-0826 24 Aug 2004 7.5 (v2) High Pass Cisco Integrated Management Controller Username Enumeration (cisco-sa-cimc-enum-CyheP3B7) CVE-2020-26062 09 Jul 2021 5.3 (v3) Medium Pass GitLab 13.1.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 DoS CVE-2022-1100 18 Apr 2022 4.3 (v3) Medium Pass GitLab 12.1.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 SSRF CVE-2022-1188 18 Apr 2022 5.3 (v3) Medium Pass GitLab 7.8.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 Improper Authorization CVE-2022-0740 18 Apr 2022 4.3 (v3) Medium Pass GitLab 10.7.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 Improper Access Control CVE-2022-1193 18 Apr 2022 4.3 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11194) (deprecated) 14 Jul 2021 7.5 (v3) High Pass Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port DoS (cisco-sa-apic-lldap-dos-WCVE-2021-1231erV9CFj) 07 Jul 2021 4.7 (v3) Medium Pass Apache Shiro HTTP Detection 18 Apr 2022 None Pass Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Arbitrary Command Execution (cisco-sa-20191106-sbrv-cmd-x)CVE-2019-15271 08 Jul 2021 8.8 (v3) High Pass Juniper Junos OS Vulnerability (JSA11208) 14 Jul 2021 7.5 (v3) High Pass Siemens SCALANCE X-200 Authentication Bypass CVE-2013-5944 21 Oct 2013 10 (v2) Critical Pass Apache APISIX 1.2 <= 1.5 Information Disclosure CVE-2020-13945 20 Apr 2022 6.5 (v3) Medium Pass ForgeRock Access Management Detection 02 Jul 2021 None Pass GitLab 12.10.0 < 14.2.6 / 13.0.0 < 14.3.4 / 13.1.0 < 14.4.1 Improper Access Control CVE-2021-39904 20 Apr 2022 4.3 (v3) Medium Pass GitLab 13.7.0 < 14.2.6 / 13.8.0 < 14.3.4 / 13.9.0 < 14.4.1 Information Disclosure CVE-2021-39911 20 Apr 2022 4.3 (v3) Medium Pass GitLab 11.9.x < 13.8.8 / 13.9.0 < 13.9.6 / 13.10.0 < 13.10.3 Remote Code Execution CVE-2021-22205 20 Apr 2022 10 (v3) Critical 38
RELAYTO Penetration Test Results Page 37 Page 39