RELAYTO Penetration Test Results (85/101)

Pass Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service (cisco-sa-ewlc-capwap-dos-gmNjdKOY)CVE-2021-1565 CVE-2021-34768 CVE-2021-34769 22 Sep 2021 8.6 (v3) High Pass Apache 2.4.x < 2.4.41 Multiple Vulnerabilities CVE-2019-9517 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098 20 Aug 2019 9.1 (v3) Critical Pass Joomla! 1.6.x < 3.9.11 Joomla 3.9.11 Release (5775-joomla-3-9-11) CVE-2019-15028 22 Aug 2019 5.3 (v3) Medium Pass Flexera FlexNet Publisher < 11.16.2 Multiple Vulnerabilities CVE-2018-20031 CVE-2018-20032 CVE-2018-20033 CVE-2018-20034 26 Aug 2019 9.8 (v3) Critical Pass Cisco TelePresence VCS / Expressway Series < 12.5 REST API Server-Side Request Forgery Vulnerability CVE-2019-1679 27 Aug 2019 5 (v3) Medium Pass Citrix SD-WAN Center Unauthenticated Remote Command Injection CVE-2019-12985 29 Aug 2019 9.8 (v3) Critical Pass Cisco TelePresence Video Communication Server RCE (cisco-sa-ewrce-QPynNCjh) CVE-2021-34716 15 Sep 2021 7.2 (v3) High Pass Apple iTunes < 12.12.3 Multiple Vulnerabilities (uncredentialed check) CVE-2022-22611 CVE-2022-22612 CVE-2022-22629 CVE-2022-22662 15 Mar 2022 9.8 (v3) Critical Pass OpenSSL 1.1.1 < 1.1.1n Vulnerability CVE-2022-0778 16 Mar 2022 7.5 (v3) High Pass Jenkins plugins Multiple Vulnerabilities (2022-03-15) CVE-2022-27195 CVE-2022-27196 CVE-2022-27197 CVE-2022-27198 CVE-2022-27199 CVE-2022-27200 CVE-2022-27201 CVE-2022-27202 CVE-2022-27203 CVE-2022-27204 CVE-2022-27205 CVE-2022-27206 CVE-2022-27207 CVE-2022-27208 CVE-2022-27209 CVE-2022-27210 CVE-2022-27211 CVE-2022-27212 CVE-2022-27213 CVE-2022-27214 CVE-2022-27215 CVE-2022-27216 CVE-2022-27217 CVE-2022-2721816 Mar 2022 8.8 (v3) High Pass Apple iTunes U < 3.8.3 A Vulnerability (uncredentialed check) CVE-2021-30862 16 Mar 2022 6.1 (v3) Medium Pass Apache Tomcat 9.0.0.M1 < 9.0.48 vulnerability CVE-2021-33037 03 Aug 2021 5.3 (v3) Medium Pass Apache Tomcat 8.5.0 < 8.5.68 vulnerability CVE-2021-33037 03 Aug 2021 5.3 (v3) Medium Pass Pulse Connect Secure < 9.1R12 (SA44858) CVE-2021-22933 CVE-2021-22934 CVE-2021-22935 CVE-2021-22936 CVE-2021-22937 CVE-2021-22938 05 Aug 2021 7.2 (v3) High Pass Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773) CVE-2021-41773 05 Oct 2021 7.5 (v3) High Pass Linux BPFDoor Detection (Direct Check) 01 Jun 2022 10 (v3) Critical Pass Oracle Business Intelligence Publisher Multiple Vulnerabilities (January 2018 CPU) CVE-2016-2179 CVE-2017-10068 CVE-2018-2715 27 Dec 2018 8.2 (v3) High Pass Atlassian JIRA < 7.6.7 / 7.7.x < 7.10.1 Cross-Site Scripting CVE-2018-5232 05 Mar 2019 6.1 (v3) Medium Pass Atlassian JIRA < 7.2.12 / 7.3.x < 7.6.1 Cross-Site Scripting CVE-2017-14594 05 Mar 2019 6.1 (v3) Medium Pass GitLab 7.12.x < 13.8.8 / 13.9.x < 13.9.6 / 13.10.x < 13.10.3 RCE CVE-2021-22205 03 Nov 2021 10 (v3) Critical Pass Atlassian JIRA Open Redirect Vulnerabilities CVE-2019-11585 CVE-2019-11589 28 Aug 2019 6.1 (v3) Medium Pass Apache Struts 2.x < 2.3.14.3 Remote Code Execution Vulnerability (S2-012) CVE-2013-1965 13 Sep 2019 9.8 (v3) Critical Pass Apache Struts 2.0.x < 2.0.12 / 2.1.x < 2.1.6 Directory Traversal Vulnerability (S2-004) 13 Sep 2019 5.3 (v3) Medium Pass Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)CVE-2017-9791 11 Jul 2017 9.8 (v3) Critical Pass Juniper JSA10928 CVE-2019-0039 21 May 2019 8.1 (v3) High Pass Cisco IOS Software PROFINET denial of service (cisco-sa-20170927-proﬁnet) CVE-2017-12235 05 Oct 2017 7.5 (v3) High Pass Multiple Adobe Products XML External Entity (XXE) Injection (APSB10-05) CVE-2009-3960 01 Mar 2010 4.3 (v2) Medium Pass VMware vCenter Multiple Vulnerabilities (VMSA-2012-0013) CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0504 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1720 CVE-2012-1723 CVE-2012-172505 Jun 2013 10 (v2) Critical Pass NETGEAR Multiple Model cgi-bin RCE CVE-2016-6277 14 Dec 2016 8.8 (v3) High Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check) CVE-2010-0405 CVE-2011-3190 CVE-2011-3375 CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 CVE-2012-0022 CVE-2012-1508 CVE-2012-1510 CVE-2012-151203 Mar 2016 10 (v2) Critical Pass Adobe ColdFusion Authentication Bypass (APSB13-03) CVE-2013-0632 19 Feb 2013 10 (v2) Critical Pass OpenSSL 3.0.0 < 3.0.1 Vulnerability CVE-2021-4044 CVE-2021-4160 15 Dec 2021 5.9 (v3) Medium Pass AXIS Web Interface Detection 12 Dec 2017 None Pass Intel Management Engine Active Management Technology (AMT) Remote Access Enabled 12 Jan 2018 None Pass Microsoft SQL Server Login Possible 24 Jun 2016 None Pass Atlassian Jira 7.13.x < 7.13.3, 8.x < 8.1.1 Cross-Site Scripting Vulnerability CVE-2019-3402 25 Oct 2019 6.1 (v3) Medium Pass Oracle Business Intelligence Publisher Information Disclosure (Oct 2016 CPU) CVE-2016-3473 25 Oct 2019 7.7 (v3) High Pass LusyPOS Malware Detection 12 Jan 2014 None Pass Cisco Uniﬁed Communications Manager Security Bypass Vulnerability (cisco-sa-20191002-ucm-secbypass)CVE-2019-15272 30 Oct 2019 6.5 (v3) Medium Pass ALCASAR Detection 20 Jan 2015 None Pass OpenMediaVault Web Detection 18 Dec 2013 None Pass Apache Solr Detection 07 Jan 2014 None Pass HP Intelligent Management Center Web Administration Interface Detection 10 Dec 2013 None Pass Atlassian Jira Server and Data Center Template Injection Vulnerability (JRASERVER-69933) CVE-2019-15001 06 Nov 2019 7.2 (v3) High Pass McAfee Cloud Single Sign On User Interface Detection 25 Mar 2014 None Pass VMware vCenter Data Collection 27 Nov 2012 None Pass Palo Alto Networks PAN-OS Compliance Checks 19 Feb 2013 None Pass PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution CVE-2012-1823 04 May 2012 7.5 (v2) High Pass MacOS Malicious File Detection 26 Jun 2019 10 (v3) Critical Pass Oracle Database Multiple Vulnerabilities (October 2014 CPU) CVE-2014-0050 CVE-2014-2478 CVE-2014-4289 CVE-2014-4290 CVE-2014-4291 CVE-2014-4292 CVE-2014-4293 CVE-2014-4294 CVE-2014-4295 CVE-2014-4296 CVE-2014-4297 CVE-2014-4298 CVE-2014-4299 CVE-2014-4300 CVE-2014-4301 CVE-2014-4310 CVE-2014-6452 CVE-2014-6453 CVE-2014-6454 CVE-2014-6455 CVE-2014-6467 CVE-2014-6477 CVE-2014-6483 CVE-2014-6537 CVE-2014-6538 CVE-2014-6542 CVE-2014-6543 CVE-2014-6544 CVE-2014-6545 CVE-2014-6546 CVE-2014-6547 CVE-2014-6560 CVE-2014-656317 Oct 2014 9 (v2) High Pass Oracle E-Business Suite Multiple Vulnerabilities (Jan 2021 CPU) CVE-2021-2015 CVE-2021-2017 CVE-2021-2023 CVE-2021-2026 CVE-2021-2027 CVE-2021-2029 CVE-2021-2034 CVE-2021-2059 CVE-2021-2077 CVE-2021-2082 CVE-2021-2083 CVE-2021-2084 CVE-2021-2085 CVE-2021-2089 CVE-2021-2090 CVE-2021-2091 CVE-2021-2092 CVE-2021-2093 CVE-2021-2094 CVE-2021-2096 CVE-2021-2097 CVE-2021-2098 CVE-2021-2099 CVE-2021-2100 CVE-2021-2101 CVE-2021-2105 CVE-2021-2106 CVE-2021-2107 CVE-2021-2114 CVE-2021-2115 CVE-2021-211820 Jan 2021 9.8 (v3) Critical Pass IBM Spectrum Protect Plus Web UI Detection 21 Apr 2020 None Pass Selligent Message Studio Detection 20 Oct 2020 None Pass Microsoft Exchange Server Authentication Bypass CVE-2021-26855 08 Mar 2021 9.8 (v3) Critical Pass Cisco IOS OSPF LSA Manipulation (cisco-sa-20170727-ospf) CVE-2017-6770 27 Nov 2019 4.2 (v3) Medium Pass SonicWall Secure Mobile Access Arbitrary File Delete (SNWLID-2021-0021) CVE-2021-20034 01 Oct 2021 9.1 (v3) Critical Pass Apache Solr Log4Shell Direct Check (CVE-2021-44228) CVE-2021-44228 05 Jan 2022 10 (v3) Critical Pass Tenable Nessus 10.x < 10.1.0 / 8.x < 8.15.3 Third-Party Vulnerability (TNS-2022-04) CVE-2021-23358 03 Feb 2022 7.2 (v3) High Pass Samba 4.13.x < 4.13.17 / 4.14.x < 4.14.12 / 4.15.x < 4.15.5 Multiple Vulnerabilities CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 03 Feb 2022 8.8 (v3) High Pass IBM WebSphere Application Server Liberty 21.0.0.10 <= 21.0.0.12 Information Disclosure (6541530) CVE-2022-22310 10 Feb 2022 6.5 (v3) Medium Pass Cisco Uniﬁed Communications Manager SQL Injection Vulnerability CVE-2019-15972 06 Dec 2019 8.8 (v3) High Pass Palo Alto Networks PAN-OS for Panorama < 9.0.15 / 9.1.12-h3 / 10.0.8-h8 Multiple RCE (Log4Shell) CVE-2021-44228 CVE-2021-45046 10 Feb 2022 10 (v3) Critical Pass Atlassian JIRA < 7.8.1 Cross-Site Scripting (XSS) Vulnerability (JRASERVER-67106) CVE-2017-18100 06 Jan 2020 6.1 (v3) Medium Pass PHP 7.2.x < 7.2.28 / PHP 7.3.x < 7.3.15 / 7.4.x < 7.4.3 Multiple Vulnerabilities CVE-2020-7061 CVE-2020-7062 CVE-2020-7063 28 Feb 2020 9.1 (v3) Critical Pass Cisco Email Security Appliance URL Filtering Bypass (cisco-sa-esa-url-bypass-sGcfsDrp) CVE-2021-1534 08 Oct 2021 5.3 (v3) Medium Pass AXIS OS 5.51 < 5.51.7.5 / 6.0 < 6.50.5.5 / 7.0 < 8.40.4.3 / 9.0 < 9.80.3.5 / 10.0 < 10.8 Multiple VulnerabilitiesCVE-2021-31986 CVE-2021-31987 CVE-2021-31988 08 Oct 2021 8.8 (v3) High Pass Apache 2.4.49 < 2.4.51 Path Traversal Vulnerability CVE-2021-42013 08 Oct 2021 9.8 (v3) Critical Pass Cisco Uniﬁed Communications Manager XML External Expansion Vulnerability (cisco-sa-20191002-cucm-xxe)CVE-2019-12711 22 Apr 2020 6.5 (v3) Medium Pass SonicWall Secure Mobile Access Multiple Vulnerabilities (SNWLID-2021-0026) CVE-2021-20038 CVE-2021-20039 CVE-2021-20040 CVE-2021-20041 CVE-2021-20042 CVE-2021-20043 CVE-2021-20044 CVE-2021-2004509 Dec 2021 9.8 (v3) Critical Pass Security Updates for Exchange (November 2021) (Remote) CVE-2021-41349 CVE-2021-42305 CVE-2021-42321 09 Dec 2021 8.8 (v3) High Pass ThinkPHP Detection 10 Dec 2021 None Pass Juniper Junos OS Evolved DoS (JSA69505) CVE-2022-22194 25 Apr 2022 7.5 (v3) High Pass SolarWinds Orion Platform 2020.2.0 < 2020.2.4 CVE-2021-27258 17 Mar 2022 9.8 (v3) Critical Pass Oracle E-Business Version and Patch Info 27 Sep 2013 None Pass UltraVNC Java Viewer Detection 09 Jan 2014 None Pass Citrix EdgeSight Load Tester (ESLT) version detection 22 Aug 2011 None Pass Unsupported Web Server Detection 21 Oct 2008 10 (v3) Critical Pass PHP 7.3.x < 7.3.33 CVE-2021-21707 18 Nov 2021 5.3 (v3) Medium Pass Oracle Database Multiple Vulnerabilities (January 2015 CPU) CVE-2014-6514 CVE-2014-6541 CVE-2014-6567 CVE-2014-6577 CVE-2014-6578 CVE-2015-0370 CVE-2015-0371 CVE-2015-0373 22 Jan 2015 9 (v2) High Pass Apache Tomcat 7.0.x < 7.0.59 Security Manager Bypass CVE-2014-7810 21 May 2015 7.3 (v3) High Pass Apache Tomcat 8.0.x < 8.0.17 Security Manager Bypass CVE-2014-7810 21 May 2015 7.3 (v3) High Pass Jenkins Git Plugin < 4.8.3 XSS CVE-2021-21684 19 Nov 2021 6.1 (v3) Medium Pass Nutanix Data Collection 25 Apr 2022 None Pass Oracle Database Multiple Vulnerabilities (April 2016 CPU) CVE-2016-0677 CVE-2016-0681 CVE-2016-0690 CVE-2016-0691 CVE-2016-3454 27 Apr 2016 9 (v3) Critical Pass Juniper Junos OS Vulnerability (JSA11238) CVE-2021-31373 02 Jun 2022 5.4 (v3) Medium Pass PHP 7.4.x < 7.4.18 / 8.x < 8.0.5 Integer Overﬂow 07 May 2021 8.3 (v3) High Pass Atlassian Conﬂuence < 7.11.0 SSRF (CONFSERVER-61453) CVE-2020-29445 12 May 2021 4.3 (v3) Medium Pass Cisco Uniﬁed Communications Manager XSS (cisco-sa-cucm-xss-Q4PZcNzJ) CVE-2021-1380 CVE-2021-1407 CVE-2021-1408 CVE-2021-1409 13 May 2021 6.1 (v3) Medium Pass nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE CVE-2021-23017 03 Jun 2021 9.4 (v3) Critical Pass Apache 2.4.x < 2.4.48 Vulnerability CVE-2021-31618 04 Jun 2021 7.5 (v3) High Pass Apache Tomcat 10.0.0.M1 < 10.0.0.M8 vulnerability CVE-2020-13943 21 Jun 2021 4.3 (v3) Medium Pass Dragonﬂy CMS install.php newlang Parameter Local File Inclusion CVE-2006-0644 10 Feb 2006 7.5 (v2) High Pass ICMP Domain Name Request 12 Feb 2006 None Pass CommuniGate Pro Server < 5.0.8 LDAP Module Field Handling Remote DoS CVE-2006-0566 13 Feb 2006 5 (v2) Medium Pass PmWiki < 2.1 beta 21 Multiple Vulnerabilities CVE-2006-0479 13 Feb 2006 4.3 (v2) Medium Pass LinPHA <= 1.0 Multiple Vulnerabilities CVE-2006-0713 13 Feb 2006 5 (v2) Medium Pass HP Systems Insight Manager Namazu lang Parameter Traversal Arbitrary File Access CVE-2006-0656 13 Feb 2006 5 (v2) Medium Pass IBM Tivoli Directory Server LDAP Packet Handling DoS CVE-2006-0717 14 Feb 2006 5 (v2) Medium Pass dotProject Multiple Scripts Remote File Inclusion CVE-2006-0754 CVE-2006-0755 CVE-2006-4234 15 Feb 2006 7.5 (v2) High Pass Flyspray install-0.9.7.php adodbpath Parameter Remote File Inclusion CVE-2006-0714 16 Feb 2006 5 (v2) Medium Pass MyBB < 1.04 misc.php SQLi CVE-2006-0959 16 Feb 2006 7.5 (v2) High Pass PostNuke < 0.762 Multiple Vulnerabilities CVE-2006-0800 CVE-2006-0801 CVE-2006-0802 22 Feb 2006 5.1 (v2) Medium Pass SquirrelMail < 1.4.6 Multiple Vulnerabilities CVE-2006-0188 CVE-2006-0195 CVE-2006-0377 22 Feb 2006 5 (v2) Medium Pass Noah's Classiﬁeds <= 1.3 Multiple Vulnerabilities CVE-2006-0879 CVE-2006-0880 CVE-2006-0881 CVE-2006-0882 23 Feb 2006 7.5 (v2) High Pass Plume CMS < 1.0.3 Remote File Inclusion CVE-2006-0725 23 Feb 2006 7.5 (v2) High Pass NOCC <= 1.0 Multiple Vulnerabilities CVE-2006-0891 CVE-2006-0892 CVE-2006-0893 CVE-2006-0894 CVE-2006-0895 25 Feb 2006 7.5 (v2) High Pass phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution CVE-2006-1032 28 Feb 2006 8.8 (v3) High Pass HP System Management Homepage (SMH) on Windows Namazu lang Parameter Traversal Arbitrary File AccessCVE-2006-1023 01 Mar 2006 5 (v2) Medium Pass imageVue < 16.2 admin/upload.php Unrestricted File Upload CVE-2006-0702 03 Mar 2006 7.5 (v2) High Pass vBulletin Email Field XSS CVE-2006-1040 03 Mar 2006 4.3 (v2) Medium Pass Retrospect Client Detection 03 Mar 2006 None Pass Gallery < 2.0.3 IP Spooﬁng CVE-2006-1126 CVE-2006-1127 CVE-2006-1128 06 Mar 2006 6.4 (v2) Medium 85

RELAYTO Penetration Test Results - Page 85

RELAYTO Penetration Test Results Page 84 Page 86