RELAYTO Penetration Test Results (83/101)

Pass Palo Alto Expedition Cross-Site Scripting (PAN-SA-2019-0003) CVE-2019-1567 10 Jun 2020 5.4 (v3) Medium Pass Adobe Experience Manager 6.1.x < 6.4.8.1 / 6.5.x < 6.5.5.0 (APSB20-31) CVE-2020-9643 CVE-2020-9644 CVE-2020-9645 CVE-2020-9647 CVE-2020-9648 CVE-2020-9651 12 Jun 2020 7.5 (v3) High Pass Treck/Kasago Network Stack Detection 22 Jun 2020 None Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.6 / 9.1.x < 9.1.1 VulnerabilityCVE-2020-1998 02 Jul 2020 8.8 (v3) High Pass Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi CVE-2005-1816 30 May 2005 4.6 (v2) Medium Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.12 / 8.0.x < 8.1.12 / 8.1.x < 8.1.12 / 9.0.x < 9.0.6 Vulnerability CVE-2020-2001 02 Jul 2020 9.8 (v3) Critical Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.6 Vulnerability CVE-2017-7529 02 Jul 2020 7.5 (v3) High Pass Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV DoS Vulnerability (cisco-sa-20190306-nxos-npv-dos)CVE-2019-1617 09 Jul 2020 7.4 (v3) High Pass Cisco Wireless LAN Controller Software Cross-Site Request Forgery (cisco-sa-20190417-wlc-csrf) CVE-2019-1797 14 Jul 2020 8.8 (v3) High Pass Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite (cisco-sa-fdmfo-HvPWKxDe) CVE-2020-3309 14 Jul 2020 6.5 (v3) Medium Pass Cisco Firepower Device Manager Web Interface Detection 10 Jul 2020 None Pass Invision Community Blog Multiple Vulnerabilities (SQLi, XSS) CVE-2005-1945 CVE-2005-1946 10 Jun 2005 6.5 (v2) Medium Pass Invision Gallery < 1.3.1 Multiple SQL Injections CVE-2005-1948 10 Jun 2005 6.5 (v2) Medium Pass Oracle Primavera Gateway (Jul 2020 CPU) CVE-2017-5645 CVE-2020-1945 CVE-2020-9488 CVE-2020-11022 CVE-2020-11023 16 Jul 2020 9.8 (v3) Critical Pass Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion CVE-2005-1965 10 Jun 2005 7.5 (v2) High Pass Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass (cisco-sa-rv-auth-bypass-cGv9EruZ)CVE-2020-3144 17 Jul 2020 9.8 (v3) Critical Pass e107 ePing Plugin doping.php Arbitrary Code Execution CVE-2005-2559 10 Jun 2005 7.5 (v2) High Pass Juniper JSA11031 CVE-2020-1654 20 Jul 2020 9.8 (v3) Critical Pass Juniper Junos SRX Double Free ICAP Redirect DoS RCE (JSA11034) CVE-2020-1647 22 Jul 2020 9.8 (v3) Critical Pass MySQL Enterprise Monitor 8.x < 8.0.18 DoS (Oct 2019 CPU) CVE-2019-10072 24 Jul 2020 7.5 (v3) High Pass MySQL Enterprise Monitor 4.x < 4.0.8 / 8.x < 8.0.14 DoS (Jan 2019 CPU) CVE-2018-0732 24 Jul 2020 7.5 (v3) High Pass MySQL Enterprise Monitor 4.x < 4.0.10 / 8.x < 8.0.15 DoS (Jul 2019 CPU) CVE-2018-15756 24 Jul 2020 7.5 (v3) High Pass Juniper Junos MX Series PFE Small Packet DoS (JSA11036) CVE-2020-1649 24 Jul 2020 7.5 (v3) High Pass Trend Micro InterScan Web Security Virtual Appliance (IWSVA) Multiple Vulnerabilities (000253095) CVE-2020-8604 CVE-2020-8606 28 Jul 2020 9.8 (v3) Critical Pass Junos OS: RPD crash when processing a speciﬁc BGP packet (JSA11035) CVE-2020-1648 28 Jul 2020 7.5 (v3) High Pass Juniper Junos NFX150 Multiple Vulnerabilities (JSA11026) CVE-2019-0131 CVE-2019-0165 CVE-2019-0166 CVE-2019-0168 CVE-2019-0169 CVE-2019-11086 CVE-2019-11087 CVE-2019-11088 CVE-2019-11090 CVE-2019-11097 CVE-2019-11100 CVE-2019-11101 CVE-2019-11102 CVE-2019-11103 CVE-2019-11104 CVE-2019-11105 CVE-2019-11106 CVE-2019-11107 CVE-2019-11108 CVE-2019-11109 CVE-2019-11110 CVE-2019-11131 CVE-2019-11132 CVE-2019-1114728 Jul 2020 9.8 (v3) Critical Pass Adobe Experience Manager 6.x < 6.3.3.6 / 6.4.x < 6.4.6.0 / 6.5.x < 6.5.2.0 Multiple Vulnerabilities (APSB19-48)CVE-2019-8078 CVE-2019-8079 CVE-2019-8080 CVE-2019-8081 CVE-2019-8082 CVE-2019-8083 CVE-2019-8084 CVE-2019-8085 CVE-2019-8086 CVE-2019-8087 CVE-2019-8088 CVE-2019-823431 Jul 2020 9.8 (v3) Critical Pass Atlassian Conﬂuence < 7.4.2 / 7.5.x < 7.5.2 XSS (CONFSERVER-60102) CVE-2020-14175 31 Jul 2020 5.4 (v3) Medium Pass Pulse Policy Secure < 9.1R8 (SA44516) CVE-2020-8204 CVE-2020-8206 CVE-2020-8216 CVE-2020-8217 CVE-2020-8218 CVE-2020-8219 CVE-2020-8220 CVE-2020-8221 CVE-2020-8222 CVE-2020-12880 CVE-2020-1540831 Jul 2020 8.1 (v3) High Pass Cisco Data Center Network Manager Command Injection (cisco-sa-dcnm-rest-inj-BCt8pwAJ) CVE-2020-3384 10 Aug 2020 8.2 (v3) High Pass Cisco Prime Collaboration Provisioning Software SQL Injection (cisco-sa-pcp-sql-inj-22Auwt66) CVE-2020-3184 18 Aug 2020 7.2 (v3) High Pass WordPress Plugin 'SRS Simple Hits Counter' Information Disclosure CVE-2020-5766 27 Aug 2020 7.5 (v3) High Pass ISC BIND 9.15.6 < 9.16.6 / 9.17.x < 9.17.4 DoS CVE-2020-8620 28 Aug 2020 7.5 (v3) High Pass Cisco Data Center Network Manager Stored XSS (cisco-sa-dcnm-xss-stored-w4rJZJtO) CVE-2020-3439 01 Sep 2020 4.8 (v3) Medium Pass Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session DoS (cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp)CVE-2020-3398 02 Sep 2020 8.6 (v3) High Pass IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.13 / 9.0.x <= 9.0.0.8 Information DisclosurCVE-2018-1614e (711983) 10 Sep 2020 7.5 (v3) High Pass Cisco Aironet Web UI Detection. 08 Sep 2020 None Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.16 / 9.0.x < 9.0.9 XSS CVE-2020-2036 11 Sep 2020 8.8 (v3) High Pass Palo Alto Networks PAN-OS 8.0.x / 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.3 Information Exposure CVE-2020-2044 11 Sep 2020 3.3 (v3) Low Pass Juniper Junos DNS ﬁltering JSA11028 CVE-2020-1645 14 Sep 2020 8.3 (v3) High Pass Cisco Data Center Network Manager Stored Cross-Site Scripting (cisco-sa-20200219-dcnm-xss) CVE-2020-3113 17 Sep 2020 5.4 (v3) Medium Pass PHP 7.2.x / 7.3.x < 7.3.22 Memory Leak Vulnerability 11 Sep 2020 7.5 (v3) High Pass PHP 7.4.x < 7.4.10 Memory Leak Vulnerability 11 Sep 2020 7.5 (v3) High Pass Cisco Data Center Network Manager Cross-Site Request Forgery (cisco-sa-20200219-dcnm-csrf) CVE-2020-3114 18 Sep 2020 8.8 (v3) High Pass CodeMeter < 6.81 Denial of Service Vulnerability CVE-2020-14513 21 Sep 2020 7.5 (v3) High Pass CodeMeter < 7.10a Multiple Vulnerabilities CVE-2020-14509 CVE-2020-14517 CVE-2020-14519 21 Sep 2020 9.8 (v3) Critical Pass HP iLO 3 < 1.93 / HP iLO 4 < 2.75 / HP iLO Superdome 4 < 1.64 / HP iLO 5 < 2.18 / HP Moonshot/Edgeline iLO 5 < 2.30 Ripple20 Multiple vulnerabilitiesCVE-2020-11896 CVE-2020-11898 CVE-2020-11900 CVE-2020-11906 CVE-2020-11907 CVE-2020-11911 CVE-2020-11912 CVE-2020-1191424 Sep 2020 10 (v3) Critical Pass Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX281474) CVE-2020-8245 CVE-2020-8246 CVE-2020-8247 25 Sep 2020 8.8 (v3) High Pass Citrix SD-WAN WANOP Multiple Vulnerabilities (CTX281474) CVE-2020-8246 CVE-2020-8247 25 Sep 2020 8.8 (v3) High Pass SonicWall SonicOS Buﬀer Overﬂow Vulnerability CVE-2020-5135 16 Oct 2020 9.8 (v3) Critical Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.1 XSS (CVE-2019-4270)CVE-2019-4270 16 Oct 2020 5.4 (v3) Medium Pass IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.11 XSS (CVE-2019-4030) CVE-2019-4030 19 Oct 2020 5.4 (v3) Medium Pass IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.7 RCE (CVE-2016-1000031)CVE-2016-1000031 20 Oct 2020 9.8 (v3) Critical Pass WordPress Loginizer plugin < 1.6.4 blind SQLi (CVE-2020-27615) CVE-2020-27615 22 Oct 2020 9.8 (v3) Critical Pass IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 SSRF (CVE-2019-17566)CVE-2019-17566 30 Oct 2020 7.5 (v3) High Pass Nostromo < 1.9.7 Remote Code Execution CVE-2019-16278 30 Oct 2020 9.8 (v3) Critical Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.x < 9.0.0.8 Security Bypass (CVE-2015-0899)CVE-2015-0899 30 Oct 2020 7.5 (v3) High Pass IBM WebSphere Application Server 6.1.0.x <= 6.1.0.47 / 7.0.0.x < 7.0.0.43 / 8.0.0.x < 8.0.0.13 / 8.5.x < 8.5.5.10 XXE (CVE-2015-0254)CVE-2015-0254 30 Oct 2020 10 (v3) Critical Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.17 / 9.0.x < 9.0.11 / 9.1.x < 9.1.5 / 10.0.x < 10.0.1 Authentication Bypass VCVE-2020-2050ulnerability 13 Nov 2020 8.2 (v3) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.17 / 9.0.x < 9.0.11 / 9.1.x < 9.1.5 Vulnerability CVE-2020-2022 13 Nov 2020 7.5 (v3) High Pass Cisco Security Manager < 4.22 Path Traversal (cisco-sa-csm-path-trav-NgeRnqgR) CVE-2020-27130 17 Nov 2020 9.1 (v3) Critical Pass Cisco IOS XE Software PROFINET Link Layer Discovery Protocol DoS (cisco-sa-ios-proﬁnet-dos-65qYG3W5)CVE-2020-3512 17 Nov 2020 7.4 (v3) High Pass Cisco IOS Software PROFINET Link Layer Discovery Protocol DoS (cisco-sa-ios-proﬁnet-dos-65qYG3W5)CVE-2020-3512 17 Nov 2020 7.4 (v3) High Pass IBM Spectrum Protect Operations Center 7.1.x < 7.1.11.000 / 8.1.x < 8.1.10.000 Code Injection VulnerabilityCVE-2020-4693 19 Nov 2020 9.8 (v3) Critical Pass Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391) (remote check) CVE-2020-8705 CVE-2020-8744 CVE-2020-8745 CVE-2020-8746 CVE-2020-8747 CVE-2020-8749 CVE-2020-8751 CVE-2020-8752 CVE-2020-8753 CVE-2020-8754 CVE-2020-8755 CVE-2020-8756 CVE-2020-8757 CVE-2020-8760 CVE-2020-8761 CVE-2020-12297 CVE-2020-12303 CVE-2020-12354 CVE-2020-1235620 Nov 2020 9.8 (v3) Critical Pass Cisco IoT Field Network Director Missing API Authentication (cisco-sa-FND-APIA-xZntFS2V) CVE-2020-3392 24 Nov 2020 7.5 (v3) High Pass Juniper Junos OS EX4300-MP/EX4600/QFX5K Series DoS (JSA11086) CVE-2020-1689 01 Dec 2020 6.5 (v3) Medium Pass Apache Cassandra 3.8.x < 3.11.1 RCE CVE-2018-8016 02 Dec 2020 9.8 (v3) Critical Pass Apache Cassandra 1.2.x <= 1.2.19 / 2.0.x <= 2.0.13 / 2.1.x <= 2.1.3 RCE CVE-2015-0225 02 Dec 2020 9.8 (v3) Critical Pass Adobe Experience Manager 6.1 < 6.3.3.7 / 6.4 < 6.4.7.0 / 6.5 < 6.5.3.0 Multiple Vulnerabilities (APSB20-01)CVE-2019-16466 CVE-2019-16467 CVE-2019-16468 CVE-2019-16469 03 Dec 2020 7.5 (v3) High Pass Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation (cisco-sa-iox-usb-guestshell-WmevScDj)CVE-2020-3396 07 Dec 2020 7.2 (v3) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.18 / 9.0.x < 9.0.12 / 9.1.x < 9.1.5 Vulnerability CVE-2021-3031 13 Jan 2021 4.3 (v3) Medium Pass Juniper Junos OS DoS (JSA11111) CVE-2021-0221 14 Jan 2021 6.5 (v3) Medium Pass Juniper Junos OS Command Injection (JSA11109) CVE-2021-0219 14 Jan 2021 6.7 (v3) Medium Pass Oracle Primavera Gateway (Jan 2021 CPU) CVE-2020-5421 CVE-2020-11979 20 Jan 2021 7.5 (v3) High Pass Juniper Junos DoS (JSA11096) CVE-2021-0206 22 Jan 2021 7.5 (v3) High Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.18 / 9.0.x <= 9.0.5.6 XXE (6408244)CVE-2020-4949 28 Jan 2021 8.2 (v3) High Pass Cisco IOS XE Software Wireless Controller for the Catalyst 9000 Family CAPWAP DoS (cisco-sa-capwap-dos-TPdNTdyq)CVE-2020-3486 CVE-2020-3487 CVE-2020-3488 CVE-2020-3489 CVE-2020-3493 CVE-2020-3494 CVE-2020-3497 29 Jan 2021 7.4 (v3) High Pass Juniper Junos OS DoS (JSA11094) CVE-2021-0222 04 Feb 2021 7.4 (v3) High Pass JamMail jammail.pl mail Parameter Arbitrary Command Execution CVE-2005-1959 13 Jun 2005 7.5 (v2) High Pass pfSense 2.4.x < 2.4.5-p1 Multiple Vulnerabilities CVE-2020-12662 CVE-2020-12663 CVE-2020-12762 04 Feb 2021 7.8 (v3) High Pass Apache Flink Web UI Detection 09 Feb 2021 None Pass OpenSSL 1.0.2 < 1.0.2w Information Disclosure CVE-2020-1968 10 Feb 2021 3.7 (v3) Low Pass Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability (cisco-sa-nxos-pim-dos-Y8SjMz4)CVE-2021-1367 24 Feb 2021 4.3 (v3) Medium Pass e107 eTrace Plugin dotrace.php Arbitrary Code Execution CVE-2005-1966 13 Jun 2005 7.5 (v2) High Pass Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability (cisco-sa-nxos-nxapi-csrf-wRMzWL9z)CVE-2021-1227 24 Feb 2021 8.1 (v3) High Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.19 / 9.0.x <= 9.0.5.6 XXE (6413709)CVE-2021-20353 25 Feb 2021 8.2 (v3) High Pass Tenable SecurityCenter 5.13.0 - 5.17.0 Remote Code Execution (TNS-2021-03) CVE-2021-20076 03 Mar 2021 8.8 (v3) High Pass Adobe Connect <= 11.0.5 Multiple Vulnerabilities (ASPB21-19) CVE-2021-21079 CVE-2021-21080 CVE-2021-21081 CVE-2021-21085 10 Mar 2021 7.8 (v3) High Pass Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability (cisco-sa-3000-9000-ﬁleaction-QtLzDRy2)CVE-2021-1361 24 Mar 2021 9.1 (v3) Critical Pass Apache OFBiz Remote Code Execution (CVE-2021-26295) CVE-2021-26295 30 Mar 2021 9.8 (v3) Critical Pass Cisco IOS Software Common Industrial Protocol Privilege Escalation (cisco-sa-XE-SAP-OPLbze68) CVE-2021-1392 30 Mar 2021 7.8 (v3) High Pass OpenSSL 1.1.1 < 1.1.1j Multiple Vulnerabilities CVE-2021-23840 CVE-2021-23841 09 Apr 2021 7.5 (v3) High Pass Juniper Junos OS Vulnerability (JSA11150) CVE-2021-0259 15 Apr 2021 7.4 (v3) High Pass Atlassian Jira < 8.13.3 / 8.14.x < 8.14.1 Broken Authentication (JRASERVER-72029) CVE-2021-26070 01 Apr 2021 7.2 (v3) High Pass Juniper Junos OS Vulnerability (JSA11144) CVE-2021-0251 15 Apr 2021 8.6 (v3) High Pass Juniper Junos OS Vulnerability (JSA11136) CVE-2021-0243 15 Apr 2021 4.7 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11158) CVE-2021-0267 15 Apr 2021 6.5 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11117) CVE-2021-0214 15 Apr 2021 6.5 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11118) CVE-2021-0216 15 Apr 2021 6.5 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11157) CVE-2021-0266 15 Apr 2021 9.8 (v3) Critical Pass Juniper Junos OS Vulnerability (JSA11145) CVE-2021-0252 15 Apr 2021 7.8 (v3) High Pass CA Multiple Products Message Queuing Multiple Remote DoS CVE-2006-0529 CVE-2006-0530 03 Feb 2006 4.1 (v3) Medium Pass CA Multiple Products Message Queuing Multiple Remote Vulnerabilities CVE-2005-2667 CVE-2005-2668 CVE-2005-2669 08 Nov 2005 9.1 (v3) Critical Pass Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities CVE-2005-2002 15 Jun 2005 7.5 (v2) High Pass DNN (DotNetNuke) < 3.0.12 Multiple XSS CVE-2005-0040 16 Jun 2005 4.3 (v2) Medium Pass YaPiG < 0.95b Multiple Vulnerabilities CVE-2005-1881 CVE-2005-1882 CVE-2005-1883 CVE-2005-1884 CVE-2005-1885 CVE-2005-1886 17 Jun 2005 7.5 (v2) High Pass osCommerce application_top.php Multiple Parameter HTTP Response Splitting CVE-2005-1951 18 Jun 2005 4.3 (v2) Medium Pass paFAQ 1.0 Beta 4 Multiple Vulnerabilities CVE-2005-0475 CVE-2005-2011 CVE-2005-2012 CVE-2005-2013 CVE-2005-2014 21 Jun 2005 7.5 (v2) High Pass cPanel cpsrvd.pl user Parameter XSS CVE-2005-2021 21 Jun 2005 4.3 (v2) Medium Pass Cacti Local File Inclusion Vulnerability CVE-2005-1524 CVE-2005-1525 CVE-2005-1526 22 Jun 2005 7.5 (v2) High Pass phpBB2 Plus <= 1.52 Multiple XSS CVE-2005-1113 CVE-2005-1114 CVE-2005-1115 CVE-2005-1116 28 Jun 2005 4.3 (v2) Medium 83

RELAYTO Penetration Test Results - Page 83

RELAYTO Penetration Test Results Page 82 Page 84