Pass Cisco IOS XR Software Multiprotocol Label Switching Packet Vulnerability (cisco-sa-20100324-ldp) CVE-2010-0576 14 Dec 2013 7.8 (v2) High Pass Cisco IOS XR Software Route Processor Denial of Service Vulnerability (cisco-sa-20120530-iosxr) CVE-2012-2488 14 Dec 2013 7.8 (v2) High Pass Cisco IOS XR Software Malformed Border Gateway Protocol Attribute Vulnerability (cisco-sa-20120926-bgp)CVE-2012-4617 14 Dec 2013 7.1 (v2) High Pass Cisco IOS XR Software Route Processor Denial of Service Vulnerability (cisco-sa-20131023-iosxr) CVE-2013-5549 14 Dec 2013 7.1 (v2) High Pass Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities CVE-2013-1571 CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 25 Feb 2014 4.8 (v3) Medium Pass Apache Tomcat 8.0.x < 8.0.3 Content-Type DoS CVE-2014-0050 25 Feb 2014 5.3 (v3) Medium Pass Apache Tomcat 7.0.x < 7.0.54 XML Parser Information Disclosure CVE-2014-0119 30 May 2014 6.5 (v3) Medium Pass Apache Tomcat 8.0.x < 8.0.6 XML Parser Information Disclosure CVE-2014-0119 30 May 2014 6.5 (v3) Medium Pass Cisco IOS XR Typhoon-based Line Cards and Network Processor (NP) Chip DoS CVE-2014-3322 29 Jul 2014 6.1 (v2) Medium Pass Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST) CVE-2015-0235 02 Mar 2015 10 (v2) Critical Pass Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK) CVE-2014-0230 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-7810 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-029315 May 2015 7.5 (v3) High Pass Cisco IOS XR Typhoon-based Line Cards and Network Processor (NP) Chip DoS CVE-2015-0695 24 Apr 2015 7.8 (v2) High Pass Tenable SecurityCenter Multiple Apache Vulnerabilities (TNS-2015-11) CVE-2015-3183 CVE-2015-3185 25 Aug 2015 5.8 (v3) Medium Pass Cisco IOS Software IKEv1 State Machine DoS (CSCuw08236) CVE-2015-6429 08 Jan 2016 5.3 (v3) Medium Pass Cisco IOS DHCPv6 Relay Message Handling DoS (cisco-sa-20160323-dhcpv6) CVE-2016-1348 06 Apr 2016 7.5 (v3) High Pass PHP 7.3.0 [alpha|beta] < 7.3.0 Multiple vulnerabilities CVE-2018-19518 CVE-2018-19935 CVE-2018-20783 20 Jul 2018 7.5 (v3) High Pass Cisco IOS Malformed LISP Packet DoS (CSCuu64279) CVE-2016-1351 01 Apr 2016 7.5 (v3) High Pass PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF CVE-2018-12882 CVE-2018-14851 CVE-2018-14883 CVE-2018-15132 20 Jul 2018 9.8 (v3) Critical Pass Cisco IOS SIP Memory Leak DoS (CSCuj23293) CVE-2016-1350 01 Apr 2016 7.5 (v3) High Pass Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (July 2018 CPU)CVE-2018-2960 CVE-2018-2961 CVE-2018-2962 CVE-2018-2963 20 Jul 2018 6.1 (v3) Medium Pass PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS CVE-2018-14851 CVE-2018-14883 CVE-2018-15132 24 Jul 2018 7.5 (v3) High Pass PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS CVE-2018-14851 CVE-2018-14883 CVE-2018-15132 24 Jul 2018 7.5 (v3) High Pass AVEVA InduSoft Web Studio / InTouch Machine Edition Command 81 mbstowcs() Stack Overflow CVE-2018-10620 31 Jul 2018 9.8 (v3) Critical Pass Tenable SecurityCenter < 5.3.2 Multiple Vulnerabilities (TNS-2016-09) CVE-2016-3074 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-454424 Jun 2016 9.8 (v3) Critical Pass Atlassian JIRA 7.6.7 / 7.7.x < 7.7.5 / 7.8.x < 7.8.5 / 7.9.x < 7.9.3 / 7.10.x < 7.10.2 XSS CVE-2018-13387 CVE-2018-13395 03 Aug 2018 6.1 (v3) Medium Pass Tenable SecurityCenter < 5.4.0 Multiple Vulnerabilities (TNS-2016-12) CVE-2016-0739 CVE-2016-0787 CVE-2016-4802 26 Jul 2016 7.8 (v3) High Pass Cisco IOS XE Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp) CVE-2016-1459 26 Aug 2016 5.3 (v3) Medium Pass Dell iDRAC Products Multiple Vulnerabilities (June 2018) CVE-2018-1212 CVE-2018-1243 CVE-2018-1244 CVE-2018-1249 09 Aug 2018 8.8 (v3) High Pass Cisco IOS XR Software Command-Line Interface Privilege Escalation (cisco-sa-20161005-iosxr) CVE-2016-6428 28 Oct 2016 7.8 (v3) High Pass Mail Transfer Agent and Mail Delivery Agent Remote Command Execution via Shellshock CVE-2014-6271 CVE-2014-7169 28 Oct 2014 10 (v2) Critical Pass Jenkins < 2.121.2 / 2.133 Multiple Vulnerabilities CVE-2018-1999001 CVE-2018-1999002 CVE-2018-1999003 CVE-2018-1999004 CVE-2018-1999005 CVE-2018-1999006 CVE-2018-199900709 Aug 2018 7.5 (v3) High Pass Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Multiple Vulnerabilities (cisco-sa-rv340-cmdinj-rCVE-2021-1609 CVE-2021-1610cedos-pY8J3qfy) 04 Aug 2021 9.8 (v3) Critical Pass Cisco Small Business RV160 and RV260 Series VPN Routers RCE (cisco-sa-rv-code-execution-9UVJr7k4)CVE-2021-1602 04 Aug 2021 9.8 (v3) Critical Pass MySQL 5.6.x < 5.6.41 Multiple Vulnerabilities (July 2018 CPU) 20 Jul 2018 7.1 (v3) High Pass MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (July 2018 CPU) CVE-2018-2767 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070 CVE-2018-3081 20 Jul 2018 5 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Admin Console DirCVE-2018-1770 ectory Traversal Vulnerability (CVE-2018-1770) 14 Dec 2018 6.5 (v3) Medium Pass IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.0.x < 9.0.0.9 Installation VeriCVE-2018-1643fication Tool Cross-site Scripting (XSS) Vulnerability (CVE-2018-1643) 14 Dec 2018 6.1 (v3) Medium Pass nginx < 0.7.64 / 0.8.x < 0.8.23 Multiple Vulnerabilities CVE-2009-3555 CVE-2009-4487 09 Mar 2018 6.5 (v3) Medium Pass nginx < 0.7.63 / 0.8.x < 0.8.17 Directory Traversal CVE-2009-3898 09 Mar 2018 5.4 (v3) Medium Pass Oracle WebLogic Server Deserialization RCE (CVE-2018-2893) CVE-2018-2893 13 Aug 2018 9.8 (v3) Critical Pass MikroTik RouterOS < 6.40.9 / 6.42.7 / 6.43 multiple vulnerabilities. CVE-2018-1156 CVE-2018-1157 CVE-2018-1158 CVE-2018-1159 24 Aug 2018 8.8 (v3) High Pass CODESYS V3 Runtime Service Detection 26 Feb 2019 None Pass Cisco Small Business RV Series Arbitrary Code Execution (cisco-sa-code-exec-wH3BNFb) CVE-2020-3331 28 Jul 2020 9.8 (v3) Critical Pass Symantec Encryption Management Server < 3.4.2 MP1 Denial of Service Vulnerability (SYMSA1458) CVE-2018-5243 28 Aug 2018 7.5 (v3) High Pass Apache ActiveMQ 5.x < 5.15.5 Multiple Vulnerabilities CVE-2012-0881 CVE-2014-0114 CVE-2015-5182 CVE-2016-3092 CVE-2016-5425 CVE-2016-6325 CVE-2016-8735 CVE-2018-7489 CVE-2018-800630 Aug 2018 9.8 (v3) Critical Pass Cisco TelePresence VCS / Expressway < 8.11 DoS CVE-2018-0409 31 Aug 2018 7.5 (v3) High Pass Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway DoS (cisco-sa-alg-dos-hbBS7SZE) CVE-2021-1446 02 Aug 2021 7.5 (v3) High Pass Jenkins < 2.121.3 / 2.138 Multiple Vulnerabilities CVE-2018-1999042 CVE-2018-1999043 CVE-2018-1999044 CVE-2018-1999045 CVE-2018-1999046 CVE-2018-1999047 06 Sep 2018 5.4 (v3) Medium Pass Atlassian JIRA ProfileLinkUserFormat Information Disclosure Vulnerability CVE-2018-13391 07 Sep 2018 5.3 (v3) Medium Pass PHP 7.0.x < 7.0.32 Transfer-Encoding Parameter XSS Vulnerability CVE-2018-17082 14 Sep 2018 6.1 (v3) Medium Pass IBM WebSphere Application Server 7.x <= 7.0.0.45 / 8.x <= 8.0.0.15 / 8.5.x < 8.5.5.21 / 9.x < 9.0.5.11 DoSCVE-2021-38951 13 Jan 2022 7.5 (v3) High Pass VMware Harbor Information Disclosure (CVE-2019-19030) CVE-2019-19030 10 Aug 2021 5.3 (v3) Medium Pass Cisco Firepower Device Manager On-Box Software RCE (cisco-sa-fdm-rce-Rx6vVurq) CVE-2021-1518 12 Aug 2021 8.8 (v3) High Pass Apache Tomcat 9.0.0.M1 < 9.0.5 Insecure CGI Servlet Search Algorithm Description Weakness CVE-2018-1304 CVE-2018-1305 23 Feb 2018 3.7 (v3) Low Pass Microsoft Azure CycleCloud Privilege Escalation (CVE-2021-36943) CVE-2021-36943 13 Aug 2021 7.8 (v3) High Pass Apache Tomcat 9.0.0.M1 < 9.0.12 Open Redirect Weakness CVE-2018-11784 10 Oct 2018 4.3 (v3) Medium Pass Apache Tomcat 8.5.x < 8.5.34 Open Redirect Weakness CVE-2018-11784 10 Oct 2018 4.3 (v3) Medium Pass Citrix NetScaler Management and Analytics System Default Administrator Credentials 12 Oct 2018 7.3 (v3) High Pass Apple iTunes < 12.11.4 Multiple Vulnerabilities (uncredentialed check) CVE-2021-30779 CVE-2021-30785 23 Aug 2021 7.8 (v3) High Pass nginx < 1.10.1 / 1.11.x < 1.11.1 Denial-of-Service Vulnerability CVE-2016-4450 16 Oct 2018 7.5 (v3) High Pass Jenkins < 2.138.2 (LTS) / 2.146 Multiple Vulnerabilities CVE-2018-1000406 CVE-2018-1000407 CVE-2018-1000408 CVE-2018-1000409 CVE-2018-1000410 CVE-2018-1000997 CVE-2018-199904316 Oct 2018 6.5 (v3) Medium Pass Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (October 2018 CPU)CVE-2018-3241 CVE-2018-3281 CVE-2018-11039 18 Oct 2018 6.1 (v3) Medium Pass Tenable Nessus < 8.0.0 Multiple Vulnerabilities (TNS-2018-14) CVE-2018-0732 CVE-2018-0737 26 Oct 2018 5.9 (v3) Medium Pass nginx 1.x < 1.14.1 / 1.15.x < 1.15.6 Multiple Vulnerabilities CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 14 Nov 2018 6.1 (v3) Medium Pass VMware Harbor User Enumeration (CVE-2020-13794) CVE-2020-13794 19 Aug 2021 4.3 (v3) Medium Pass Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc) CVE-2014-0701 CVE-2014-0703 CVE-2014-0704 CVE-2014-0705 CVE-2014-0706 CVE-2014-0707 14 Mar 2014 7.8 (v2) High Pass IBM Spectrum Protect Plus vsnap Static Credential Vulnerability CVE-2020-4854 18 Feb 2021 9.8 (v3) Critical Pass ManageEngine ADSelfService Plus < Build 6102 RCE CVE-2021-28958 19 Aug 2021 9.8 (v3) Critical Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.19 / 9.0.x < 9.0.14 / 9.1.x < 9.1.10 Vulnerability CVE-2021-3045 12 Aug 2021 4.9 (v3) Medium Pass H3C / HPE Intelligent Management Center PLAT < 7.3 E0605P06 Multiple Vulnerabilities CVE-2018-7114 CVE-2018-7115 CVE-2018-7116 10 Dec 2018 9.8 (v3) Critical Pass Cisco Evolved Programmable Network Manager Information Disclosure (cisco-sa-epnm-info-disc-PjTZ5r6C)CVE-2021-34707 13 Aug 2021 6.5 (v3) Medium Pass OpenSSL 1.1.1 < 1.1.1l Vulnerability CVE-2021-3711 CVE-2021-3712 24 Aug 2021 9.8 (v3) Critical Pass Atlassian JIRA < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 XSS (JRASERVER-72392) CVE-2021-26078 26 Aug 2021 6.1 (v3) Medium Pass OpenSSL 1.1.1 < 1.1.1k Multiple Vulnerabilities CVE-2021-3449 CVE-2021-3450 25 Mar 2021 7.4 (v3) High Pass Cisco IOS Software Plug-and-Play PKI API Certificate Validation Vulnerability CVE-2017-12228 06 Oct 2017 5.9 (v3) Medium Pass Juniper Junos OS Improper Certificate Validation (JSA11264) CVE-2022-22156 18 Mar 2022 7.4 (v3) High Pass Cisco Energy Management Suite Default PostgreSQL Password Vulnerability CVE-2018-0468 20 Aug 2021 7.8 (v3) High Pass Tenable SecurityCenter PHP < 5.6.27 Multiple Vulnerabilities CVE-2016-9137 26 Jun 2017 9.8 (v3) Critical Pass Dell iDRAC Products Multiple Vulnerabilities (December 2018) CVE-2018-15774 CVE-2018-15776 21 Dec 2018 8.8 (v3) High Pass Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities CVE-2017-3737 CVE-2017-3738 CVE-2018-0733 CVE-2018-0739 02 Feb 2018 5.9 (v3) Medium Pass Cisco IOS XR Software Event Management Service gRPC Handling DoS (cisco-sa-20170503-ios-xr) CVE-2017-3876 04 May 2017 7.5 (v3) High Pass nginx < 1.13.3 Integer Overflow Vulnerability CVE-2017-7529 18 Dec 2017 7.5 (v3) High Pass Tenable SecurityCenter PHP < 5.6.26 Multiple Vulnerabilities CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 26 Jun 2017 9.8 (v3) Critical Pass Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy) CVE-2016-0736 CVE-2016-2161 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 26 Jun 2017 7.5 (v3) High Pass Tenable SecurityCenter OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities (SWEET32) CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-630626 Jun 2017 9.8 (v3) Critical Pass Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities (TNS-2017-04) CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 26 Jun 2017 5.9 (v3) Medium Pass Tenable SecurityCenter PHP < 5.6.25 Multiple Vulnerabilities (TNS-2016-09) CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-713226 Jun 2017 9.8 (v3) Critical Pass Cisco Integrated Management Controller User Session Hijacking Vulnerability CVE-2017-6617 10 Aug 2017 5.4 (v3) Medium Pass Cisco Integrated Management Controller Remote Code Execution Vulnerability CVE-2017-6616 10 Aug 2017 8.8 (v3) High Pass Cisco Integrated Management Controller Privilege Escalation Vulnerability CVE-2017-6619 10 Aug 2017 8.8 (v3) High Pass Cisco Integrated Management Controller Cross-Site Scripting Vulnerability CVE-2017-6618 10 Aug 2017 5.4 (v3) Medium Pass Apache Tomcat 8.0.0.RC1 < 8.0.45 Cache Poisoning CVE-2017-7674 18 Aug 2017 4.3 (v3) Medium Pass Apache Tomcat 9.0.0M1 < 9.0.0.M22 Multiple Vulnerabilities CVE-2017-7674 CVE-2017-7675 18 Aug 2017 7.5 (v3) High Pass Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12 CVE-2017-6004 CVE-2017-7890 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 CVE-2017-11142 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11628 CVE-2017-1293312 Sep 2017 9.8 (v3) Critical Pass Cisco Unified Communications Manager SQL Injection Vulnerability CVE-2017-3886 27 Sep 2017 4.9 (v3) Medium Pass Cisco Unified Communications Manager Cross-Site Scripting Vulnerability CVE-2017-3888 27 Sep 2017 5.4 (v3) Medium Pass Cisco Unified Communications Manager Denial of Service Vulnerability CVE-2017-3808 27 Sep 2017 7.5 (v3) High Pass Apache Tomcat 7.0.x < 7.0.82 Multiple Vulnerabilities CVE-2017-12617 11 Oct 2017 8.1 (v3) High Pass Oracle Database Multiple Vulnerabilities (October 2017 CPU) CVE-2016-6814 CVE-2016-8735 CVE-2017-10190 CVE-2017-10261 CVE-2017-10292 CVE-2017-10321 19 Oct 2017 9.8 (v3) Critical Pass Tenable SecurityCenter 5.5.0 <= 5.5.2 SQLi (TNS-2017-13) CVE-2017-11508 02 Nov 2017 8.8 (v3) High Pass Junos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK) CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 08 Jan 2018 6.8 (v3) Medium Pass MySQL 5.5.x < 5.5.59 Multiple Vulnerabilities (January 2018 CPU) CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 17 Jan 2018 7.1 (v3) High Pass MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (January 2018 CPU) CVE-2017-3737 CVE-2018-2562 CVE-2018-2565 CVE-2018-2573 CVE-2018-2576 CVE-2018-2583 CVE-2018-2586 CVE-2018-2590 CVE-2018-2591 CVE-2018-2600 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2645 CVE-2018-2646 CVE-2018-2647 CVE-2018-2665 CVE-2018-2667 CVE-2018-2668 CVE-2018-2696 CVE-2018-270317 Jan 2018 5.5 (v3) Medium Pass Apache Tomcat 8.0.45 < 8.0.48 Insecure CGI Servlet Search Algorithm Description Weakness CVE-2017-15706 09 Feb 2018 3.7 (v3) Low Pass Apache Tomcat 7.0.0 < 7.0.85 Security Constraint Weakness CVE-2018-1304 CVE-2018-1305 23 Feb 2018 5.9 (v3) Medium Pass IBM WebSphere Application Server 9.0.0.0 < 9.0.0.8 Spoof Attack Vulnerability CVE-2017-1788 30 Mar 2018 5.3 (v3) Medium Pass Cisco IOS Software Smart Install Remote Code Execution Vulnerability CVE-2018-0171 29 Mar 2018 9.8 (v3) Critical Pass Cisco IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities (cisco-sa-20180328-lldp)CVE-2018-0167 06 Apr 2018 8.8 (v3) High Pass Apache Struts XStream Handler REST Plugin XML Request Handling Remote DoS (S2-056) CVE-2018-1327 30 Mar 2018 7.5 (v3) High Pass Cisco IOS Software DNS Forwarder Denial of Service Vulnerability (cisco-sa-20160928-dns) CVE-2016-6380 10 Apr 2018 8.1 (v3) High Pass MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (April 2018 CPU) CVE-2018-2755 CVE-2018-2758 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2805 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-281919 Apr 2018 5.5 (v3) Medium Pass MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (April 2018 CPU) CVE-2018-2755 CVE-2018-2758 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2805 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-281919 Apr 2018 5.5 (v3) Medium 40
RELAYTO Penetration Test Results Page 39 Page 41