Pass Juniper Junos OS Vulnerability (JSA11228) CVE-2021-31366 13 Oct 2021 6.5 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11236) CVE-2021-31371 13 Oct 2021 5.3 (v3) Medium Pass Apache Tomcat 8.5.60 < 8.5.72 vulnerability CVE-2021-42340 14 Oct 2021 7.5 (v3) High Pass Apache Tomcat 10.0.0.M10 < 10.0.12 vulnerability CVE-2021-42340 14 Oct 2021 7.5 (v3) High Pass Apache Tomcat 9.0.40 < 9.0.54 vulnerability CVE-2021-42340 14 Oct 2021 7.5 (v3) High Pass PHP 5.6.x < 5.6.19 Multiple Vulnerabilities CVE-2016-3141 CVE-2016-3142 17 Mar 2016 9.8 (v3) Critical Pass Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities CVE-2022-20612 CVE-2022-20613 CVE-2022-20614 CVE-2022-20615 CVE-2022-20616 CVE-2022-20617 CVE-2022-20618 CVE-2022-20619 CVE-2022-20620 CVE-2022-20621 CVE-2022-23105 CVE-2022-23106 CVE-2022-23107 CVE-2022-23108 CVE-2022-23109 CVE-2022-23110 CVE-2022-23111 CVE-2022-23112 CVE-2022-23113 CVE-2022-23114 CVE-2022-23115 CVE-2022-23116 CVE-2022-23117 CVE-2022-2311821 Jan 2022 8.8 (v3) High Pass MobileIron Core Log4Shell Direct Check (CVE-2021-44228) CVE-2021-44228 21 Jan 2022 10 (v3) Critical Pass PHP 7.0.x < 7.0.4 Multiple Vulnerabilities CVE-2016-3185 CVE-2016-4344 CVE-2016-4345 CVE-2016-4346 17 Mar 2016 9.8 (v3) Critical Pass Apache ActiveMQ Web Console Missing X-Frame-Options Clickjacking CVE-2016-0734 18 Mar 2016 6.1 (v3) Medium Pass WordPress User Enumeration 21 Mar 2016 5 (v2) Medium Pass DNN (DotNetNuke) < 8.0.1 Multiple Vulnerabilities 25 Mar 2016 6.8 (v2) Medium Pass Apache Jetspeed Portal URI Path Reflected XSS CVE-2016-0712 28 Mar 2016 6.1 (v3) Medium Pass HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK) CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-2522 CVE-2014-2641 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3143 CVE-2015-3145 CVE-2015-314829 Mar 2016 7.5 (v2) High Pass PHP 5.5.x < 5.5.34 Multiple Vulnerabilities CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 06 Apr 2016 9.8 (v3) Critical Pass Cisco SPA ATA Web Interface Detection 17 Oct 2019 None Pass Adobe ColdFusion File Upload (APSB18-33) (CVE-2018-15961) CVE-2018-15961 25 Oct 2019 9.8 (v3) Critical Pass 3S CODESYS V3 CmpWebServer Multiple Vulnerabilities CVE-2019-13532 CVE-2019-13548 30 Sep 2019 9.8 (v3) Critical Pass Arista Networks Device Detection 28 Feb 2018 None Pass CODESYS Gateway V3 DoS CVE-2019-9012 31 Oct 2019 7.5 (v3) High Pass macOS 10.14.x < 10.14.1 Multiple Vulnerabilities CVE-2018-3640 CVE-2018-4340 CVE-2018-4342 CVE-2018-4368 CVE-2018-4369 CVE-2018-4371 CVE-2018-4389 CVE-2018-4398 CVE-2018-4400 CVE-2018-4402 CVE-2018-4403 CVE-2018-4410 CVE-2018-4413 CVE-2018-4415 CVE-2018-4419 CVE-2018-4420 CVE-2018-4422 CVE-2018-4423 CVE-2018-4424 CVE-2018-442531 Oct 2018 7.8 (v3) High Pass SolarWinds Dameware Mini Remote Control Unauthenticated RCE CVE-2019-3980 01 Nov 2019 9.8 (v3) Critical Pass Siemens SINEMA Remote Connect Server Detection 02 Dec 2019 None Pass Microsoft Windows 10 Version 1607 Unsupported Version Detection 02 Nov 2018 10 (v3) Critical Pass macOS 10.14.x < 10.14.2 Multiple Vulnerabilities CVE-2018-4303 CVE-2018-4431 CVE-2018-4434 CVE-2018-4435 CVE-2018-4447 CVE-2018-4449 CVE-2018-4450 CVE-2018-4460 CVE-2018-4461 CVE-2018-4462 CVE-2018-4463 CVE-2018-446521 Dec 2018 7.8 (v3) High Pass Apache Tomcat AJP Connector Request Injection (Ghostcat) CVE-2020-1745 CVE-2020-1938 24 Mar 2020 9.8 (v3) Critical Pass Atlassian JIRA global-translations.jsp XSS (JRASERVER-61888) CVE-2016-6285 16 Jan 2020 6.1 (v3) Medium Pass SaltStack < 2019.2.4 / 3000.x < 3000.2 Authentication Bypass (CVE-2020-11651) CVE-2020-11651 08 May 2020 9.8 (v3) Critical Pass ShareFile Documents Unauthenticated Access (CVE-2020-7473) CVE-2020-7473 CVE-2020-8982 CVE-2020-8983 02 Jun 2020 7.5 (v3) High Pass Trend Micro Worry-Free Business Security Detection 18 Aug 2020 None Pass WordPress Plugin 'Duplicator' Directory Traversal (CVE-2020-11738) CVE-2020-11738 02 Sep 2020 7.5 (v3) High Pass WordPress Plugin 'File Manager' elFinder Remote Code Execution 10 Sep 2020 10 (v3) Critical Pass PHP 5.6.x < 5.6.20 Multiple Vulnerabilities CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 06 Apr 2016 9.8 (v3) Critical Pass PHP 7.0.x < 7.0.5 Multiple Vulnerabilities CVE-2015-8865 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 06 Apr 2016 9.8 (v3) Critical Pass Apache Tomcat 8.x < 8.5.78 Spring4Shell (CVE-2022-22965) Mitigations 01 Apr 2022 None Pass Apache Tomcat 10.x < 10.0.20 Spring4Shell (CVE-2022-22965) Mitigations 01 Apr 2022 None Pass Apache Tomcat 9.x < 9.0.62 Spring4Shell (CVE-2022-22965) Mitigations 01 Apr 2022 None Pass Open Source Point Of Sale Default Credentials 07 Apr 2016 7.3 (v3) High Pass ManageEngine Firewall Analyzer Default Credentials 13 Apr 2016 7.5 (v2) High Pass Piwik < 2.16.0 Unspecified XSS 15 Apr 2016 4.3 (v2) Medium Pass Piwik < 2.16.1-rc1 Multiple Vulnerabilities 15 Apr 2016 10 (v2) Critical Pass HP System Management Homepage (SMH) AddXECert Remote DoS 21 Apr 2016 2.6 (v2) Low Pass HP Device Manager Unauthenticated 'HPDM Server RMI' SQLi (CVE-2020-6926) (remote) CVE-2020-6926 09 Oct 2020 10 (v3) Critical Pass Cisco Security Manager < 4.23 Path Traversal Vulnerability (direct check) CVE-2020-27130 24 Nov 2020 9.1 (v3) Critical Pass SaltStack Unauthenticated RCE (direct check) CVE-2020-16846 CVE-2020-25592 15 Feb 2021 9.8 (v3) Critical Pass Liferay Portal Remote Code Execution (direct check) CVE-2020-7961 25 Feb 2021 9.8 (v3) Critical Pass Citrix SD-WAN Center Remote Code Execution (direct check) CVE-2020-8271 26 Mar 2021 9.8 (v3) Critical Pass JetBrains TeamCity Web Interface Detection 30 Mar 2021 None Pass Tenable Nessus 6.0.x < 6.6 Multiple Vulnerabilities CVE-2016-82012 CVE-2016-82013 28 Apr 2016 6.5 (v3) Medium Pass Trend Micro InterScan Web Security Virtual Appliance (IWSVA) DecryptPasswd Stack-based Buffer OverflowCVE-2020-28578 06 Apr 2021 9.8 (v3) Critical Pass IBM Net.Commerce orderdspc.d2w order_rn Option SQL Injection CVE-2001-0319 08 Jun 2002 7.5 (v2) High Pass PHP-Nuke Network Tools Add-On Arbitrary Command Execution CVE-2001-0899 22 Aug 2002 7.5 (v2) High Pass WebLogic Servlets Multiple Vulnerabilities CVE-2003-0151 CVE-2003-1095 27 Mar 2003 7.5 (v2) High Pass SquirrelMail decodeHeader Arbitrary HTML Injection CVE-2004-1036 13 Nov 2004 6.8 (v2) Medium Pass macOS 10.15.x < 10.15.4 / 10.14.x < 10.14.6 Security Update 2020-002 / 10.13.x < 10.13.6 Security Update 2020-002CVE-2019-8853 CVE-2019-14615 CVE-2019-19232 CVE-2020-3851 CVE-2020-3881 CVE-2020-3883 CVE-2020-3884 CVE-2020-3889 CVE-2020-3892 CVE-2020-3893 CVE-2020-3898 CVE-2020-3903 CVE-2020-3904 CVE-2020-3905 CVE-2020-3906 CVE-2020-3907 CVE-2020-3908 CVE-2020-3909 CVE-2020-3910 CVE-2020-3911 CVE-2020-3912 CVE-2020-3913 CVE-2020-3914 CVE-2020-3915 CVE-2020-3918 CVE-2020-3919 CVE-2020-9769 CVE-2020-9773 CVE-2020-9776 CVE-2020-9785 CVE-2020-9786 CVE-2020-978727 Mar 2020 9.8 (v3) Critical Pass Splunk Information Disclosure Vulnerability (SP-CAAAP5E) CVE-2018-11409 14 Jan 2019 5.3 (v3) Medium Pass Splunk Information Exposure (SP-CAAAP5E CVE-2018-11409 14 Jan 2019 5.3 (v3) Medium Pass HPE Intelligent Management Center dbman Opcode 10008 Command Injection CVE-2017-5816 19 Jun 2017 9.8 (v3) Critical Pass Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Detection 21 Jul 2017 None Pass ISC BIND Denial of Service CVE-2020-8617 22 May 2020 7.5 (v3) High Pass Patch Management: Red Hat Satellite Server Get Managed Servers 17 Jun 2015 None Pass ManageEngine ServiceDesk Plus 9.2.0 < Build 9228 Multiple Vulnerabilities CVE-2016-4888 CVE-2016-4890 27 Oct 2016 5.3 (v3) Medium Pass ManageEngine ServiceDesk Plus 9.1.0 < Build 9103 Multiple Vulnerabilities 24 Aug 2015 7.3 (v3) High Pass Oracle Oracle E-Business Suite (Apr 2020 CPU) CVE-2020-2750 CVE-2020-2753 CVE-2020-2772 CVE-2020-2789 CVE-2020-2794 CVE-2020-2796 CVE-2020-2807 CVE-2020-2808 CVE-2020-2809 CVE-2020-2810 CVE-2020-2813 CVE-2020-2815 CVE-2020-2817 CVE-2020-2818 CVE-2020-2819 CVE-2020-2820 CVE-2020-2821 CVE-2020-2822 CVE-2020-2823 CVE-2020-2824 CVE-2020-2825 CVE-2020-2826 CVE-2020-2827 CVE-2020-2831 CVE-2020-2832 CVE-2020-2833 CVE-2020-2834 CVE-2020-2835 CVE-2020-2836 CVE-2020-2837 CVE-2020-2838 CVE-2020-2839 CVE-2020-2840 CVE-2020-2841 CVE-2020-2842 CVE-2020-2843 CVE-2020-2844 CVE-2020-2845 CVE-2020-2846 CVE-2020-2847 CVE-2020-2848 CVE-2020-2849 CVE-2020-2850 CVE-2020-2852 CVE-2020-2854 CVE-2020-2855 CVE-2020-2856 CVE-2020-2857 CVE-2020-2858 CVE-2020-2860 CVE-2020-2861 CVE-2020-2862 CVE-2020-2863 CVE-2020-2864 CVE-2020-2866 CVE-2020-2870 CVE-2020-2871 CVE-2020-2872 CVE-2020-2873 CVE-2020-2874 CVE-2020-2876 CVE-2020-2877 CVE-2020-2878 CVE-2020-2879 CVE-2020-2880 CVE-2020-2881 CVE-2020-2882 CVE-2020-2885 CVE-2020-2886 CVE-2020-2887 CVE-2020-2888 CVE-2020-2889 CVE-2020-2890 CVE-2020-295615 Apr 2020 8.6 (v3) High Pass Patch Management: Patch Schedule From Red Hat Satellite Server 17 Jun 2015 None Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability CVE-2013-0337 CVE-2016-4450 22 May 2020 7.5 (v3) High Pass Patch Management: Red Hat Satellite Server Get System Information 17 Jun 2015 None Pass TURCK BL20/BL67 Hardcoded Admin Account CVE-2012-4697 10 Feb 2014 9.8 (v3) Critical Pass Patch Management: Red Hat Satellite Get Installed Packages 17 Jun 2015 None Pass TYPO3 8.x < 8.7.30 / 9.x < 9.5.12 / 10.x < 10.2.2 Multiple Vulnerabilities CVE-2019-19848 CVE-2019-19849 CVE-2019-19850 15 Jul 2020 8.8 (v3) High Pass EA Need For Speed Underground Detection 01 Mar 2011 None Pass TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities CVE-2020-11064 CVE-2020-11066 CVE-2020-11067 CVE-2020-11069 13 Jul 2020 10 (v3) Critical Pass ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2020-0026) CVE-2020-4004 CVE-2020-4005 24 Nov 2020 8.2 (v3) High Pass Adobe Experience Manager 6.2 <= 6.2 SP1-CFP20 / 6.3 <= 6.3.3.8 / 6.4 < 6.4.8.3 / 6.5 < 6.5.7.0 Multiple VCVE-2020-24444 CVE-2020-24445ulnerabilities (APSB20-01) 10 Dec 2020 9 (v3) Critical Pass Oracle Primavera Unifier (Oct 2020 CPU) CVE-2015-1832 CVE-2017-9096 CVE-2018-17196 CVE-2019-17558 CVE-2020-9488 CVE-2020-9489 21 Oct 2020 9.1 (v3) Critical Pass ManageEngine ServiceDesk Plus 8.0.0 < Build 8015 Multiple XSS Vulnerabilities 22 Dec 2011 6.1 (v3) Medium Pass IBM Tivoli Directory Server SASL Bind Request Buffer Overflow (uncredentialed check) CVE-2011-1206 01 Jun 2011 10 (v2) Critical Pass GitLab 13.11.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 Improper Access Control CVE-2022-1105 18 Apr 2022 4.3 (v3) Medium Pass Web Application Default Username ('super'/'1502') / Password ('super'/'1502') - deprecated CVE-2004-1920 13 Apr 2004 9 (v2) High Pass Oracle Database Detection 19 Jul 2006 None Pass Palo Alto Networks PAN-OS Version Detection 05 Mar 2014 None Pass Cisco Data Center Network Manager SQL Injection Vulnerabilities (cisco-sa-dcnm-sql-inj-OAQOObP) CVE-2021-1247 CVE-2021-1248 28 Jan 2021 8.8 (v3) High Pass Splashtop Streamer remote detection 04 Feb 2019 None Pass Apple TV < 14.3 Multiple Vulnerabilities CVE-2020-15969 CVE-2020-27943 CVE-2020-27944 CVE-2020-27946 CVE-2020-27948 CVE-2020-29611 CVE-2020-29617 CVE-2020-29618 CVE-2020-29619 CVE-2020-2962412 Feb 2021 8.8 (v3) High Pass ManageEngine ServiceDesk Plus < 11.2 Build 11200 Unauthenticated Stored XSS CVE-2021-20080 12 Apr 2021 6.1 (v3) Medium Pass VMware vCenter REST API Data Collection 25 Jan 2021 None Pass F5 BIG-IP RCE (CVE-2021-22986) CVE-2021-22986 24 Mar 2021 9.8 (v3) Critical Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.0.21 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 Multiple VulnerabilitiesCVE-2018-20685 CVE-2019-6109 CVE-2019-6111 25 Mar 2021 6.8 (v3) Medium Pass Juniper Junos OS Multiple Vulnerabilities (JSA11169) CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 15 Apr 2021 7.8 (v3) High Pass Jenkins LTS < 2.277.2 / Jenkins weekly < 2.287 Multiple Vulnerabilities CVE-2021-21639 CVE-2021-21640 CVE-2021-21641 CVE-2021-22510 CVE-2021-22511 CVE-2021-22512 CVE-2021-22513 09 Apr 2021 6.5 (v3) Medium Pass Pulse Connect Secure < 9.1R11.4 (SA44784) CVE-2021-22893 CVE-2021-22894 CVE-2021-22899 CVE-2021-22900 20 Apr 2021 10 (v3) Critical Pass DNN (DotNetNuke) 9.2 <= 9.2.2 Weak Encryption Algorithm Vulnerability CVE-2018-15811 CVE-2018-18325 29 Oct 2021 7.5 (v3) High Pass Sophos XG Firewall User Portal and Webadmin Authentication Bypass (CVE-2022-1040) CVE-2022-1040 13 May 2022 9.8 (v3) Critical Pass Cisco Firepower Threat Defense Software < 6.6.1 sftunnel MitM (cisco-sa-ftdfmc-sft-mitm-tc8AzFs2) CVE-2020-3549 13 May 2022 8.1 (v3) High Pass Apache Log4Shell RCE detection via callback correlation (Direct Check NetBIOS) CVE-2021-44228 20 Dec 2021 10 (v3) Critical Pass Adobe Connect <= 11.3 Arbitrary File System Write Vulnerability (APSB21-112) CVE-2021-43014 20 Dec 2021 None Pass GitLab 14.4.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 XSS CVE-2022-1175 18 Apr 2022 6.1 (v3) Medium Pass PHP 5.5.x < 5.5.35 Multiple Vulnerabilities CVE-2016-3074 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-454405 May 2016 9.8 (v3) Critical Pass GitLab 11.5.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 Improper Authorization CVE-2022-1148 18 Apr 2022 6.5 (v3) Medium Pass GitLab 10.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 DoS CVE-2022-1185 18 Apr 2022 6.5 (v3) Medium Pass GitLab 8.3.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 XSS CVE-2022-1190 18 Apr 2022 5.4 (v3) Medium Pass SolarWinds Orion Platform 2020.2.6 < 2020.2.6 HF3 SQLI CVE-2021-35234 20 Dec 2021 8.8 (v3) High Pass SMB Server DOUBLEPULSAR Backdoor / Implant Detection (EternalRocks) CVE-2017-0144 18 Apr 2017 8.1 (v3) High Pass Advantech WebAccess webvrpcs.exe Path Traversal RCE CVE-2017-16720 10 Sep 2018 9.8 (v3) Critical Pass MobileIron Core 10.3.0.x < 10.3.0.4-19 / 10.4.0.x < 10.4.0.4-22 / 10.5.1.1 < 10.5.1.1-22 / 10.5.2.1 < 10.5.2.1-14 / 10.6.0.1 < 10.6.0.1-19 / 10.7.0.0 < 10.7.0.0-28CVE-2020-15505 CVE-2020-15506 CVE-2020-15507 12 Oct 2020 9.8 (v3) Critical Pass Citrix SD-WAN WANOP 10.2.x Multiple Vulnerabilities (CTX276688) CVE-2020-8191 CVE-2020-8193 CVE-2020-8194 CVE-2020-8195 CVE-2020-8196 CVE-2020-8198 02 Sep 2020 6.5 (v3) Medium Pass Pulse Policy Secure < 9.1R9 (SA44601) CVE-2015-9251 CVE-2019-11358 CVE-2020-8255 CVE-2020-8260 CVE-2020-8261 CVE-2020-8262 CVE-2020-8263 CVE-2020-15352 30 Oct 2020 7.2 (v3) High Pass Cisco Adaptive Security Device Manager (ASDM) Detection 21 Jan 2022 None Pass Cisco IOS XR Software for ASR 9000 Series Routers DoS (cisco-sa-npspin-QYpwdhFD) CVE-2021-34713 21 Jan 2022 7.4 (v3) High Pass Cisco ASDM Information Disclosure (cisco-sa-asdm-logging-jnLOY422) CVE-2022-20651 21 Jan 2022 5.5 (v3) Medium Pass VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0004) CVE-2021-21975 CVE-2021-21983 31 Mar 2021 7.5 (v3) High Pass Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Apr 2021 CPU) CVE-2020-17527 CVE-2020-17530 CVE-2021-3450 CVE-2021-23841 CVE-2021-25122 26 Apr 2021 9.8 (v3) Critical 46
RELAYTO Penetration Test Results Page 45 Page 47