RELAYTO Penetration Test Results (28/101)

Pass CGI Generic SQL Injection Detection (potential, 2nd order, 2nd pass) 30 Aug 2010 7.5 (v2) High Pass CGIWrap Charset Speciﬁcation Weakness Error Message XSS CVE-2008-2852 30 Jun 2008 4.3 (v2) Medium Pass Atlassian Jira 8.0 < 8.9.1 XSS in Quick Search (JRASERVER-71205) CVE-2020-14169 21 Sep 2020 6.1 (v3) Medium Pass CodeMeter < 6.90 License forging Vulnerability CVE-2020-14515 21 Sep 2020 7.5 (v3) High Pass CodeMeter < 7.10 Information Exﬁltration Vulnerability CVE-2020-16233 21 Sep 2020 7.5 (v3) High Pass Cisco DCNM Authentication Bypass (CVE-2019-15977) CVE-2019-15977 20 Jan 2020 7.5 (v3) High Pass Cisco Data Center Network Manager Authentication Bypass (cisco-sa-dcnm-auth-bypass-JkubGpu3) CVE-2020-3376 12 Aug 2020 9.8 (v3) Critical Pass Cisco Data Center Network Manager Authorization Bypass (cisco-sa-dcnm-bypass-auth-mVDR6ygT) CVE-2020-3540 25 Aug 2020 6.3 (v3) Medium Pass Cisco Data Center Network Manager Command Injection (cisco-sa-devmgr-cmd-inj-Umc8RHNh) CVE-2020-3377 11 Aug 2020 8.8 (v3) High Pass Cisco Data Center Network Manager XSS (cisco-sa-dcnm-xss-5TdMJRB3) CVE-2020-3523 25 Aug 2020 5.4 (v3) Medium Pass Cisco Data Center Network Manager XSS (cisco-sa-dcnm-xss-JnHSWG5C) CVE-2020-3518 01 Sep 2020 5.4 (v3) Medium Pass Cisco NX-OS Software IPv6 Protocol Independent Multicast DoS (cisco-sa-nxos-pim-memleak-dos-tC8eP7uw)CVE-2020-3338 28 Aug 2020 7.5 (v3) High Pass Cisco Data Center Network Manager Information Disclosure (cisco-sa-dcnm-infordisc-DOAXVvFV) CVE-2020-3520 01 Sep 2020 5.5 (v3) Medium Pass Juniper Junos MX Malformed Packet - DOS (JSA10900) CVE-2019-0001 07 Feb 2019 7.5 (v3) High Pass Cisco Data Center Network Manager Privilege Escalation (cisco-sa-20200219-dcnm-priv-esc) CVE-2020-3112 22 Sep 2020 8.8 (v3) High Pass Atlassian JIRA < 7.13.16 / 8.0.x < 8.5.7 / 8.6.x < 8.9.2 / 8.10.x < 8.10.1 Insecure Direct Object References (IDOR) (JRASERCVE-2020-14174VER-71275) 22 Jul 2020 4.3 (v3) Medium Pass Cisco ASA Remote Code Execution and Denial of Service Vulnerability (cisco-sa-20180129-asa1) (destructive check)CVE-2018-0101 26 Feb 2018 10 (v3) Critical Pass Barco/AWiND WePresent Command Port Detection 09 Apr 2019 None Pass Cisco TelePresence VCS < 14.0.5 Multiple Vulnerabilities (cisco-sa-expressway-ﬁlewrite-87Q5YRk) CVE-2022-20754 CVE-2022-20755 07 Mar 2022 7.2 (v3) High Pass SaltStack Salt Master Detection 20 May 2020 None Pass PALS Library System WebPALS pals-cgi Multiple Vulnerabilities CVE-2001-0216 CVE-2001-0217 13 Feb 2001 7.8 (v2) High Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.17 / 9.0.x <= 9.0.5.4 RCE (6255074)CVE-2020-4534 09 Sep 2020 8.8 (v3) High Pass Juniper JSA11002 CVE-2020-1619 03 Jun 2020 6.7 (v3) Medium Pass Tenable Nessus < 8.11.0 Stored XSS (TNS-2020-05) CVE-2020-5765 16 Jul 2020 5.4 (v3) Medium Pass Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation (cisco-sa-n3n9k-priv-escal-3QhXJBC) CVE-2020-3394 01 Sep 2020 7.8 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.13 / 9.0.x < 9.0.7 Buﬀer Overﬂow CVE-2020-2027 01 Jul 2020 7.2 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 / 9.1.x < 9.1.1 VulnerabilityCVE-2020-2003 02 Jul 2020 6.5 (v3) Medium Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.6 Vulnerability CVE-2020-2016 02 Jul 2020 7 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 Vulnerability CVE-2020-2005 02 Jul 2020 6.1 (v3) Medium Pass Juniper JSA11000 CVE-2020-1617 19 May 2020 7.5 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 OS Command Injection CVE-2020-2029 01 Jul 2020 7.2 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.13 / 9.0.x < 9.0.7 OS Command Injection CVE-2020-2028 01 Jul 2020 7.2 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.9 Vulnerability CVE-2020-1996 22 May 2020 5.3 (v3) Medium Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability CVE-2020-2009 22 May 2020 7.2 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 / 9.1.x < 9.1.1 VulnerabilityCVE-2020-2015 22 May 2020 8.8 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 Vulnerability CVE-2020-2008 22 May 2020 7.2 (v3) High Pass Juniper Junos OpenSSL Security Advisory (JSA11025) CVE-2019-1551 24 Jul 2020 5.3 (v3) Medium Pass Juniper Junos MX Series PFE DoS (JSA11038) CVE-2020-1651 24 Jul 2020 6.5 (v3) Medium Pass Juniper Junos DoS (JSA11006) CVE-2020-1627 29 Jul 2020 7.5 (v3) High Pass Junos OS: SRX Series: Uniﬁed Access Control (UAC) bypass vulnerability (JSA11018) CVE-2020-1637 29 Jul 2020 6.5 (v3) Medium Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.6 Vulnerability CVE-2020-2017 02 Jul 2020 6.1 (v3) Medium Pass Juniper Junos DoS (JSA11020) CVE-2020-1639 29 Jul 2020 7.5 (v3) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.4 / 10.0.x < 10.0.1 DoS CVE-2020-2039 11 Sep 2020 5.3 (v3) Medium Pass Palo Alto Networks PAN-OS 8.0.x / 8.1.x < 8.1.16 DoS CVE-2020-2041 11 Sep 2020 7.5 (v3) High Pass Palo Alto Networks PAN-OS 9.0.x < 9.0.10 / 9.1.x < 9.1.4 / 10.0.x < 10.0.1 Command Injection CVE-2020-2038 11 Sep 2020 7.2 (v3) High Pass TYPO3 8.5.x < 8.7.27 / 9.x < 9.5.8 Session Hijacking (TYPO3-CORE-SA-2019-018) 17 Jul 2020 3.6 (v3) Low Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability CVE-2020-2007 22 May 2020 7.2 (v3) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.13 Vulnerability CVE-2020-1981 19 Mar 2020 7.8 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.0.14 Open Redirection CVE-2020-1997 22 May 2020 6.1 (v3) Medium Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 Vulnerability CVE-2020-2011 22 May 2020 7.5 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.8 Session Fixation CVE-2020-1993 22 May 2020 5.4 (v3) Medium Pass Junos OS Firewall Filters Failure Vulnerability (JSA10942) CVE-2019-0048 25 Mar 2020 5.8 (v3) Medium Pass Juniper Junos Privilege Escalation (JSA10978) CVE-2019-0071 23 Sep 2020 7.8 (v3) High Pass Palo Alto Networks PAN-OS 8.1.x / 9.0.x / 9.1.x / 10.0.x Improper Input Validation CVE-2020-2035 09 Oct 2020 3 (v3) Low Pass SSL Certiﬁcate Null Character Spooﬁng Weakness 06 Oct 2009 8.3 (v2) High Pass Cisco Small Business Router SNMP Detection 12 Feb 2019 None Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.13 Vulnerability CVE-2020-1980 19 Mar 2020 7.8 (v3) High Pass IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 / 8.0.0.x < 8.0.0.13 / 8.5.x < 8.5.5.10 / 9.0.x < 9.0.0.1 DoS (CVE-2016-2960)CVE-2016-2960 30 Oct 2020 3.7 (v3) Low Pass Cisco Small Business RV Series Routers Information Disclosure (cisco-sa-rv-routers-Rj5JRfF8) CVE-2020-3150 28 Jul 2020 5.9 (v3) Medium Pass Cisco RV110W, RV130W, and RV215W Routers Syslog HTTP Access Information Disclosure Vulnerability (cisco-sa-20190619-rv-CVE-2019-1898 ﬁleaccess) 19 Jun 2019 5.3 (v3) Medium Pass Palo Alto Networks PAN-OS 7.1 < 7.1.25 / 8.0 < 8.0.20 / 8.1 < 8.1.8 / 9.0 < 9.0.2 OpenSSL Vulnerability CVE-2019-1559 06 Mar 2020 5.9 (v3) Medium Pass IBM Spectrum Protect Plus File Upload RCE CVE-2020-4703 15 Oct 2020 9.8 (v3) Critical Pass IBM WebSphere Application Server 8.5.x < 8.5.5.16 / 9.0.x < 9.0.5.0 XSS (CVE-2019-4271) CVE-2019-4271 15 Oct 2020 3.5 (v3) Low Pass Juniper JSA10970 CVE-2019-0047 CVE-2019-0050 CVE-2019-0054 CVE-2019-0055 CVE-2019-0057 CVE-2019-0058 CVE-2019-0059 CVE-2019-0060 CVE-2019-0062 CVE-2019-0063 CVE-2019-0064 CVE-2019-0066 CVE-2019-0067 CVE-2019-0068 CVE-2019-0073 CVE-2019-007529 Jan 2020 8.8 (v3) High Pass Juniper Stateless IP Firewall Bypass Vulnerability (JSA10983) CVE-2020-1604 17 Feb 2020 5.3 (v3) Medium Pass Juniper JSA10979 CVE-2020-1600 CVE-2020-1601 CVE-2020-1602 CVE-2020-1603 CVE-2020-1604 CVE-2020-1605 CVE-2020-1607 CVE-2020-1608 CVE-2020-160925 Feb 2020 8.8 (v3) High Pass Apache Multiviews Arbitrary Directory Listing CVE-2001-0731 16 Feb 2016 5.3 (v3) Medium Pass Juniper Junos OS: DoS Vulnerability (JSA11068) CVE-2020-1671 22 Oct 2020 7.5 (v3) High Pass IBM WebSphere Application Server 8.0.0.x < 8.0.0.13 / 8.5.x < 8.5.5.11 / 9.0.x < 9.0.0.2 Information DisclosurCVE-2016-9736e (CVE-2016-9736) 20 Oct 2020 5.3 (v3) Medium Pass Cogent DataHub < 6.4.7 Incoming DDE Connection Handling Remote DoS 15 Jun 2016 5 (v2) Medium Pass PHP 5.4.x < 5.4.16 Multiple Vulnerabilities CVE-2013-2110 CVE-2013-4635 CVE-2013-4636 07 Jun 2013 5 (v2) Medium Pass IBM WebSphere Application Server 9.0.x < 9.0.5.3 DoS (CVE-2019-12406) CVE-2019-12406 20 Oct 2020 6.5 (v3) Medium Pass uStorekeeper ustorekeeper.pl ﬁle Parameter Traversal Arbitrary File Access CVE-2001-0466 03 Apr 2001 5 (v2) Medium Pass HIS AUktion auktion.cgi Traversal Arbitrary Command Execution CVE-2001-0212 25 Mar 2001 7.5 (v2) High Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.1 File TCVE-2019-4268raversal (CVE-2019-4268) 19 Oct 2020 5.3 (v3) Medium Pass MySQL Enterprise Monitor 8.0.x < 8.0.22.1262 DoS (Oct 2020 CPU) CVE-2020-13935 23 Oct 2020 7.5 (v3) High Pass Atlassian JIRA < 8.5.9 / 8.6.x < 8.12.3 / 8.13.x < 8.13.1 XSS (JRASERVER-71652) CVE-2020-14184 23 Oct 2020 5.4 (v3) Medium Pass Junos OS: Broadband Edge Service Denial of Service (DoS) Vulnerability (JSA10987) CVE-2020-1608 21 Jan 2020 7.5 (v3) High Pass IBM WebSphere Application Server 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.12 / 9.0.x < 9.0.0.5 Weak Security Bindings (CVE-2017-1501)CVE-2017-1501 23 Oct 2020 5.9 (v3) Medium Pass SuperMicro Device Uses Default SSL Certiﬁcate 19 Dec 2013 5.8 (v2) Medium Pass SSL Certiﬁcate Contains Weak RSA Key (Inﬁneon TPM / ROCA) CVE-2017-15361 17 Oct 2017 5.9 (v3) Medium Pass APT1-Related SSL Certiﬁcate Detected 19 Feb 2013 10 (v2) Critical Pass SSL Certiﬁcate Signed with the Revoked DigiNotar Certiﬁcate Authority 01 Sep 2011 6.4 (v2) Medium Pass Cisco Adaptive Security Appliance Software Web Services DoS (cisco-sa-asaftd-webdos-fBzM5Ynw) CVE-2020-3304 23 Oct 2020 8.6 (v3) High Pass IBM WebSphere Application Server 7.0.0.x < 7.0.0.45 / 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.7 Information DisclosurCVE-2017-1681 e (CVE-2017-1681) 23 Oct 2020 3.3 (v3) Low Pass miniBB bb_func_usernfo.php Website Name Field XSS 01 Jan 2004 4.3 (v2) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.2 Beanutils VCVE-2019-10086ulnerability (CVE-2019-10086) 23 Oct 2020 7.3 (v3) High Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.x < 9.0.0.8 Information DisclosurCVE-2017-1743 e (CVE-2017-1743) 27 Oct 2020 4.3 (v3) Medium Pass Junos OS Multiple vulnerabilities (JSA11075) CVE-2020-1678 26 Oct 2020 6.5 (v3) Medium Pass Cisco IOS XE Software Consent Token Bypass (cisco-sa-iosxe-ctbypass-7QHAfHkK) CVE-2020-3404 29 Oct 2020 7.8 (v3) High Pass Thunderstone Software TEXIS Nonexistent File Request Path Disclosure CVE-2002-0266 15 Mar 2003 5.3 (v3) Medium Pass PHP Mail Function Header Spooﬁng CVE-2002-0985 CVE-2002-0986 23 Mar 2003 5 (v2) Medium Pass PHP < 7.3.24 Multiple Vulnerabilities 06 Nov 2020 7.5 (v3) High Pass Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass (cisco-sa-ftd-bypass-3eCfd24j)CVE-2020-3299 30 Oct 2020 5.8 (v3) Medium Pass IBM WebSphere Application Server 8.0.0.x < 8.0.0.11 / 8.5.x < 8.5.5.6 XSS (CVE-2014-8917) CVE-2014-8917 30 Oct 2020 6.1 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.x < 9.0.0.10 Security Bypass (CVE-2014-7810)CVE-2014-7810 30 Oct 2020 5.3 (v3) Medium Pass 3Com 3CServer/3CDaemon FTP Server Multiple Vulnerabilities (OF, FS, PD, DoS) CVE-2005-0276 CVE-2005-0277 CVE-2005-0278 CVE-2005-0419 08 Feb 2005 10 (v2) Critical Pass VMware vCenter Server 6.5 / 6.7 / 7.0 DoS (VMSA-2020-0018) CVE-2020-3976 28 Aug 2020 5.3 (v3) Medium Pass Horde IMP status.php3 script Parameter XSS CVE-2002-0181 03 Nov 2004 4.3 (v2) Medium Pass Cisco NX-OS Software Cisco Fabric Services DoS (cisco-sa-fxos-nxos-cfs-dos-dAmnymbd) CVE-2020-3517 04 Nov 2020 8.6 (v3) High Pass Tenable Nessus < 8.12.1 Privilege Escalation Vulnerability (TNS-2020-08) CVE-2020-5793 30 Oct 2020 7.8 (v3) High Pass Cisco Application Policy Infrastructure Controller Linux Kernel IP Fragment Reassembly DoS CVE-2018-5391 27 Mar 2019 7.5 (v3) High Pass Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability CVE-2017-6768 25 Aug 2017 7.8 (v3) High Pass Cisco Integrated Management Controller Authorization Bypass (cisco-sa-cimc-auth-zWkppJxL) CVE-2020-26063 06 Nov 2020 5.4 (v3) Medium Pass Juniper Junos OS Command Injection (JSA11108) CVE-2021-0218 14 Jan 2021 7.8 (v3) High Pass Cisco TelePresence Collaboration Endpoint Software Information Disclosure (cisco-sa-tele-info-DrEGLpDQ)CVE-2020-26086 12 Nov 2020 4.3 (v3) Medium Pass Apache Cassandra CQL Shell Service Detection 03 Nov 2020 None Pass Dell OpenManage Server Administrator Path Traversal (DSA-2020-172) CVE-2020-5377 06 Nov 2020 9.1 (v3) Critical Pass Cisco Uniﬁed Communications Manager IM and Presence Service DoS (cisco-sa-imp-dos-uTx2dqu2) CVE-2020-27121 06 Nov 2020 6.5 (v3) Medium Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.4 / 10.0.x < 10.0.1 Command Injection VCVE-2020-2000ulnerability 13 Nov 2020 7.2 (v3) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.17 / 9.0.x < 9.0.11 / 9.1.x < 9.1.2 Information Exposure VulnerabilityCVE-2020-2048 13 Nov 2020 3.3 (v3) Low Pass Juniper Junos EX4300 Series DoS (JSA11067) CVE-2020-1670 01 Dec 2020 6.5 (v3) Medium 28

RELAYTO Penetration Test Results - Page 28

RELAYTO Penetration Test Results Page 27 Page 29