Weaknesses¶
NodeZero identifies and surfaces many weaknesses that it finds during a pentest. Within test results, these weaknesses are designated either with a CVE identifier (e.g., CVE-2021-44228) for publicly identified Common Vulnerabilities and Exposures, or with an H3 weakness identifier (e.g., H3-2022-0001) for weaknesses discovered through Horizon3.ai original research.
This page provides a reference for H3 (Horizon3.ai-discovered) weaknesses. These weaknesses might appear in your pentest reports up to 90 days before we publicly list them on this site. (For details, please see our Vulnerability Disclosure Policy). Once these weaknesses are publicly disclosed and assigned a CVE ID, we add that CVE in pentest results.
For details on previously disclosed CVEs that NodeZero finds in tests, please search the official CVE website maintained by the MITRE Corporation.
| Weakness ID | Name |
|---|---|
| H3-2026-0032 | Azure App Service SCM/Kudu Basic Authentication Enabled |
| H3-2026-0031 | Azure App Service Remote Debugging Enabled |
| H3-2026-0028 | Apache Tomcat JK Status Manager Exposed |
| H3-2026-0023 | Azure Container Registry Admin User Enabled |
| H3-2026-0022 | Azure Container Registry Public Network Access Enabled |
| H3-2026-0021 | Azure Container Registry Anonymous Pull Enabled |
| H3-2026-0016 | Net-SNMP EXTEND-MIB Read/Write Access Remote Code Execution |
| H3-2026-0015 | Azure Storage Account Allows Blob Public Access |
| H3-2026-0014 | Nagios XI SQL Injection Vulnerability |
| H3-2026-0013 | Insecure Direct Object Reference (IDOR) / Broken Object Level Authorization (BOLA) |
| H3-2026-0012 | Fortinet FortiClient EMS Improper Access Control Vulnerability |
| H3-2026-0011 | Reversible Password Encryption Enabled on Domain Controller |
| H3-2026-0009 | Apache Solr AuthTool Hardcoded Credentials Vulnerability |
| H3-2026-0008 | Apache ActiveMQ Jolokia Remote Code Execution Vulnerability |
| H3-2026-0007 | SSH ControlMaster Socket Abuse |
| H3-2026-0005 | Web Application UNC Absolute Path Traversal Vulnerability |
| H3-2026-0004 | Active Directory Certificate Services Misconfiguration: NTLM Relay to AD CS RPC Endpoint |
| H3-2026-0003 | MSSQL EXECUTE AS Impersonation Privilege Escalation Vulnerability |
| H3-2026-0002 | Kubernetes Nodes Proxy GET Permission Remote Code Execution |
| H3-2025-0080 | Sensitive Information Disclosure to Unauthenticated Users |
| H3-2025-0074 | LDAP Channel Binding Not Required |
| H3-2025-0073 | LDAP Signing Not Required |
| H3-2025-0068 | Privilege Escalation - Potato Style Exploit |
| H3-2025-0067 | LAPS Password Exposure |
| H3-2025-0066 | osTicket PHP Filter Chain Injection Vulnerability |
| H3-2025-0065 | osTicket Anonymous Ticket Creation with Rich Text Content Enabled |
| H3-2025-0064 | osTicket Self-Signup Enabled |
| H3-2025-0062 | SCCM Hierarchy Takeover via NTLM Coercion and Relay to SMB |
| H3-2025-0060 | Gladinet Centrestack MachineKey Deserialization Vulnerability |
| H3-2025-0058 | SCCM Hierarchy Takeover via NTLM Coercion and Relay to MSSQL |
| H3-2025-0057 | N-able N-central Authentication Bypass Vulnerability |
| H3-2025-0056 | FreePBX Authentication Bypass SQL Injection |
| H3-2025-0055 | FreePBX Authentication Bypass File Upload RCE |
| H3-2025-0054 | N-able N-central Authenticated XML External Entity (XXE) Vulnerability |
| H3-2025-0053 | Fortinet FortiSIEM Arbitrary File Write Remote Code Execution Vulnerability |
| H3-2025-0052 | Golden Ticket |
| H3-2025-0051 | UpdraftPlus Plugin PEM Key Exposure |
| H3-2025-0049 | Thinkphp Remote Code Execution Vulnerability |
| H3-2025-0048 | PHP Debug Interface Exposure |
| H3-2025-0047 | Puppet Node Manager Authorization Bypass |
| H3-2025-0046 | Samsung MagicINFO 9 Server Remote Code Execution Vulnerability |
| H3-2025-0044 | Oracle EBS Bispgraph File Access Vulnerability |
| H3-2025-0034 | GoCD Encryption Key Exposure in Pipeline Configuration |
| H3-2025-0033 | Docker Compose File Exposure |
| H3-2025-0032 | Generic .env File Exposure |
| H3-2025-0028 | Unsecured InfluxDB Access via Misconfiguration |
| H3-2025-0027 | Kentico Xperience Staging Service Authentication Bypass WT-2025-0011 Vulnerability |
| H3-2025-0026 | Kentico Xperience Staging Service Authentication Bypass WT-2025-0006 Vulnerability |
| H3-2025-0025 | Langflow Code Injection Vulnerability |
| H3-2025-0024 | Active Directory Misconfiguration: Low-Privilege User with GenericAll Privileges |
| H3-2025-0023 | Wordpress Newsletter Manager < 1.5 - Unauthenticated Open Redirect |
| H3-2025-0022 | Wordpress DB Repair Exposed |
| H3-2025-0021 | Wordpress Directory Listing |
| H3-2025-0020 | Wordpress Accessible WPConfig |
| H3-2025-0019 | Git Repo-Jacking |
| H3-2025-0018 | GitHub Actions Dangerous Bot Conditions |
| H3-2025-0017 | GitHub Actions Secrets Inheritance |
| H3-2025-0016 | GitHub Actions Cache Poisoning |
| H3-2025-0015 | GitHub Actions Dangerous Environment Variable Writes |
| H3-2025-0014 | GitHub Actions Insecure Commands |
| H3-2025-0013 | GitHub Actions Unpinned Uses |
| H3-2025-0012 | GitHub Actions Template Injection |
| H3-2025-0011 | GitHub Actions Self Hosted Runner |
| H3-2025-0010 | GitHub Actions Ref Confusion |
| H3-2025-0009 | GitHub Actions Known Vulnerable Actions |
| H3-2025-0008 | GitHub Actions Imposter Commit |
| H3-2025-0007 | GitHub Actions Hardcoded Container Credentials |
| H3-2025-0006 | GitHub Actions Excessive Permissions |
| H3-2025-0005 | GitHub Actions Dangerous Triggers |
| H3-2025-0004 | GitHub Actions Artifacts Credential Leakage |
| H3-2025-0003 | IIS Shortname Disclosure Vulnerability |
| H3-2025-0002 | Management Console Exposed to the Internet |
| H3-2025-0001 | SimpleHelp Path Traversal Vulnerability |
| H3-2024-0061 | CyberPower PowerPanel Enterprise SQL Injection Vulnerability |
| H3-2024-0060 | Insecure Storage of Connection Strings in Application Properties |
| H3-2024-0059 | Kubernetes Service Account Can Execute Code in Pods |
| H3-2024-0058 | Improper use of K8S Cluster Admin Access |
| H3-2024-0057 | Active Directory gMSA Account Password Exposure |
| H3-2024-0056 | Microsoft SQL Server NTLM Credential Coercion Vulnerability |
| H3-2024-0054 | Kubernetes Identity can Create a Pod and Escape to the Node |
| H3-2024-0053 | Ivanti Endpoint Manager Multiple NTLM Credential Coercion Vulnerabilities |
| H3-2024-0052 | CUPS-browsed Server Side Request Forgery Vulnerability |
| H3-2024-0051 | Intune Mobile Device Management Remote Code Execution (RCE) |
| H3-2024-0046 | Over-Privileged StackSet Execution Role |
| H3-2024-0045 | AWS Privilege Escalation via iam:PassRole and ec2:RunInstances |
| H3-2024-0044 | AWS Privilege Escalation via iam:PassRole, lambda:CreateFunction, and lambda:InvokeFunction |
| H3-2024-0043 | AWS Privilege Escalation via iam:PassRole and cloudformation:CreateStack |
| H3-2024-0042 | Palo Alto Expedition Authenticated Sensitive Information Leak Vulnerability |
| H3-2024-0041 | Palo Alto Expedition Unauthenticated SQL Injection Vulnerability |
| H3-2024-0040 | Palo Alto Expedition Authenticated Command Injection Vulnerability |
| H3-2024-0039 | Microsoft Graph App Role Privilege Elevation |
| H3-2024-0038 | Microsoft Entra (AzureAD) - Entra Group Takeover |
| H3-2024-0037 | Azure Cloud Kerberos Trust Abuse |
| H3-2024-0036 | Improper use of AWS Administrator Access |
| H3-2024-0035 | AWS Access Key Id Third Party Canary |
| H3-2024-0034 | NTLM Authentication Endpoint Exposed to the Internet |
| H3-2024-0033 | Jupyter Server on Windows Credential Leak Vulnerability |
| H3-2024-0032 | Traccar Self-Signup Enabled |
| H3-2024-0031 | Gradio Arbitrary File Read Vulnerability |
| H3-2024-0030 | Traccar Device Image Upload Remote Code Execution Vulnerability |
| H3-2024-0029 | Active Directory User has Entra Administrator Role |
| H3-2024-0028 | NodeZero Remote Access Tool Deployed and Executed |
| H3-2024-0019 | Credential Dumping - Office365 Application Memory |
| H3-2024-0018 | Unauthenticated Access to Redis |
| H3-2024-0017 | AWS Privilege Escalation - iam:PutGroupPolicy |
| H3-2024-0016 | AWS Privilege Escalation - iam:AttachGroupPolicy |
| H3-2024-0015 | NextChat Open Proxy Server-Side Request Forgery Vulnerability |
| H3-2024-0012 | Microsoft Entra (AzureAD) - Service Principal Takeover |
| H3-2024-0011 | Microsoft Entra (AzureAD) - Over-Privileged Service Principal |
| H3-2024-0010 | Microsoft Entra (AzureAD) Connect Credential Dumping |
| H3-2024-0009 | AWS Privilege Escalation - iam:CreatePolicyVersion |
| H3-2024-0008 | AWS Privilege Escalation - iam:UpdateAssumeRolePolicy |
| H3-2024-0007 | AWS Privilege Escalation - iam:UpdateLoginProfile |
| H3-2024-0006 | AWS Privilege Escalation - iam:CreateLoginProfile |
| H3-2024-0005 | AWS Privilege Escalation - iam:CreateAccessKey |
| H3-2024-0004 | AWS Privilege Escalation - iam:PutRolePolicy |
| H3-2024-0003 | AWS Privilege Escalation - iam:AttachRolePolicy |
| H3-2024-0002 | AWS Privilege Escalation - iam:PutUserPolicy |
| H3-2024-0001 | AWS Privilege Escalation - iam:AttachUserPolicy |
| H3-2023-0030 | Active Directory - User Password Not Required |
| H3-2023-0029 | Password in Active Directory User Attribute |
| H3-2023-0028 | H2 Embedded Database Misconfiguration |
| H3-2023-0027 | NextGen Mirth Connect Remote Code Execution Vulnerability |
| H3-2023-0023 | Apache Solr Arbitrary File Read Vulnerability |
| H3-2023-0022 | PaperCut Arbitrary File Read and Deletion Vulnerability |
| H3-2023-0021 | Phished Credential |
| H3-2023-0020 | PaperCut File Upload Remote Code Execution Vulnerability |
| H3-2023-0019 | Credential Dumping - Data Protection API (DPAPI) Secrets |
| H3-2023-0018 | Microsoft Windows Machine Account NTLM Coercion via Distributed File System Namespace Management Protocol Manipulation |
| H3-2023-0017 | Microsoft Windows Machine Account NTLM Coercion via File Server Remote VSS Protocol Manipulation |
| H3-2023-0016 | Authenticated Microsoft Windows Machine Account NTLM Coercion via Print Spooler Protocol Manipulation |
| H3-2023-0015 | Authenticated Microsoft Windows Machine Account NTLM Coercion via EventLog Remoting Protocol Manipulation |
| H3-2023-0014 | Authenticated Microsoft Windows Machine Account NTLM Coercion via Distributed File System Namespace Management Protocol Manipulation |
| H3-2023-0013 | Authenticated Microsoft Windows Machine Account NTLM Coercion via File Server Remote VSS Protocol Manipulation |
| H3-2023-0012 | Microsoft Windows Machine Account NTLM Coercion via Print Spooler Protocol Manipulation |
| H3-2023-0011 | Microsoft Windows Machine Account NTLM Coercion via EventLog Remoting Protocol Manipulation |
| H3-2023-0010 | Kerberos Constrained Delegation |
| H3-2023-0009 | Kerberos Unconstrained Delegation |
| H3-2023-0008 | AWS Multi-Factor Authentication Disabled |
| H3-2023-0007 | Detection: 3CXDesktopApp Supply Chain Attack |
| H3-2023-0006 | Detection: Pass-The-Hash |
| H3-2023-0005 | Detection: A Hidden Machine Account Was Created |
| H3-2023-0004 | Detection: Kerberoasting |
| H3-2023-0003 | Pre-Windows 2000 Computer Set |
| H3-2023-0002 | Flask Authentication Bypass Misconfiguration |
| H3-2023-0001 | Apache Superset Authentication Bypass Misconfiguration |
| H3-2022-0097 | Kerberos Pass-the-Ticket Attack |
| H3-2022-0096 | Lexmark Printer Command Injection Vulnerability |
| H3-2022-0095 | Password Reuse Found in Active Directory Services Database (NTDS) |
| H3-2022-0094 | Kubernetes Read with Service Account Token |
| H3-2022-0093 | Weak or Default Credentials - Cracked Credentials from Active Directory Services Database (NTDS) |
| H3-2022-0092 | Kubernetes Remote Code Execution with Service Token |
| H3-2022-0091 | Credential Dumping - Chrome Browser |
| H3-2022-0090 | Public Access to Amazon RDS Snapshot |
| H3-2022-0089 | Public Access to Amazon EBS Snapshot |
| H3-2022-0088 | Public Access to Amazon EC2 AMI |
| H3-2022-0087 | Password Reuse |
| H3-2022-0086 | Domain User with Local Administrator Privileges |
| H3-2022-0085 | Credential Reuse - Shared Windows Local User and Domain User Accounts |
| H3-2022-0084 | Credential Reuse - Windows Local Administrator Accounts |
| H3-2022-0083 | Anonymous Access to the Kubernetes Dashboard |
| H3-2022-0082 | Exposed Kubernetes Version |
| H3-2022-0081 | Atlassian Jira Unauthenticated User Enumeration via the User Picker Browser |
| H3-2022-0080 | WordPress Unauthenticated User Enumeration |
| H3-2022-0079 | Credential Dumping - AWS Instance Metadata Service v2 |
| H3-2022-0078 | Unauthenticated Gitlab User Enumeration |
| H3-2022-0077 | Amazon Relational Database Service (RDS) DB Instance Is Exposed to the Internet |
| H3-2022-0076 | Unauthenticated AWS Cognito Role |
| H3-2022-0075 | Public-Facing Application Exposed with HTTP Basic Authentication |
| H3-2022-0074 | AWS Assume Role Access |
| H3-2022-0073 | Microsoft Windows Machine Account NTLM Coercion via Authenticated LSARPC Spoofing |
| H3-2022-0072 | Apache Airflow Debug Mode Enabled |
| H3-2022-0071 | Jenkins Self-Signup Enabled |
| H3-2022-0070 | Anonymous MongoDB Access |
| H3-2022-0069 | Web Directory Listing |
| H3-2022-0068 | Airflow Configuration Exposure |
| H3-2022-0067 | Weak or Default Credentials - MongoDB |
| H3-2022-0066 | Git Repo Exposed on a Web Server |
| H3-2022-0065 | Unauthenticated Access to Apache Airflow |
| H3-2022-0064 | Rails Secret Token Exposure |
| H3-2022-0063 | Private Keys Exposed on Web Server |
| H3-2022-0062 | Microsoft FrontPage service.pwd File Exposure |
| H3-2022-0061 | Apache Web Server htpasswd File Exposure |
| H3-2022-0060 | Spring Boot Env Actuator Exposed |
| H3-2022-0059 | Spring Boot Configuration Properties Actuator Exposed |
| H3-2022-0058 | Jolokia Local File Inclusion Misconfiguration |
| H3-2022-0057 | jQuery File Upload Widget Exposed |
| H3-2022-0056 | Anonymous Deployment Privileges in JFrog Artifactory |
| H3-2022-0055 | phpMyAdmin Setup Page Exposed |
| H3-2022-0054 | CGI Test Script Exposed |
| H3-2022-0053 | Laravel .env File Exposure |
| H3-2022-0052 | Ansible Configuration File Exposure |
| H3-2022-0051 | Symfony Configuration File Exposure |
| H3-2022-0050 | PHP-FPM Configuration File Exposure |
| H3-2022-0049 | IIS web.config File Exposure |
| H3-2022-0048 | Apache Web Server Configuration File Exposure |
| H3-2022-0047 | Apache Tomcat Example Scripts Exposed |
| H3-2022-0046 | Rails Database Configuration File Exposure |
| H3-2022-0045 | PHPinfo Page Exposed |
| H3-2022-0044 | Shell History File Exposure |
| H3-2022-0043 | Backup File Exposure |
| H3-2022-0042 | Django Debug Mode Enabled |
| H3-2022-0041 | Symfony Profiler Enabled |
| H3-2022-0040 | Symfony Debug Mode Enabled |
| H3-2022-0039 | Golang pprof Debugging Endpoint Enabled |
| H3-2022-0038 | Ruby on Rails Debug Mode Enabled |
| H3-2022-0037 | Laravel Debug Mode Enabled |
| H3-2022-0036 | Guest Access to Zabbix Dashboards |
| H3-2022-0035 | Unauthenticated Access to JavaMelody Monitoring Console |
| H3-2022-0034 | Anonymous Access to Zoho ManageEngine ADManager Plus Employee Search |
| H3-2022-0033 | Unauthenticated Access to Jenkins People Directory |
| H3-2022-0032 | Unauthenticated Access to Prometheus Alertmanager |
| H3-2022-0031 | Unauthenticated Access to Mongo Express |
| H3-2022-0030 | Unauthenticated Access to Paessler PRTG Network Monitor |
| H3-2022-0029 | Unauthenticated Access to ThoughtWorks GoCD |
| H3-2022-0028 | Unauthenticated Access to Apache Solr |
| H3-2022-0027 | Unauthenticated Access to Jupyter |
| H3-2022-0026 | Unauthenticated Access to Kubeflow |
| H3-2022-0025 | Unauthenticated Access to Kibana |
| H3-2022-0024 | Active Directory Certificate Services Misconfiguration: NTLM Relay to AD CS HTTP Endpoint |
| H3-2022-0023 | Active Directory Certificate Services: Vulnerable Certificate Authority Access Control |
| H3-2022-0022 | Active Directory Certificate Services - EDITF_ATTRIBUTESUBJECTALTNAME2 flag set |
| H3-2022-0021 | Active Directory Certificate Services Domain Escalation via Vulnerable PKI AD Object Access Controls |
| H3-2022-0020 | Active Directory Certificate Services Misconfigured Template Access Controls |
| H3-2022-0019 | Active Directory Certificate Services - Template May Be Requested by Enrollment Agent Signature |
| H3-2022-0018 | Active Directory Certificate Services Misconfigured Enrollment Agent Template |
| H3-2022-0017 | Active Directory Certificate Services Misconfiguration Privilege Escalation - Any Purpose or No (aka SubCA) EKU Misconfiguration |
| H3-2022-0016 | Active Directory Certificate Services Misconfiguration Privilege Escalation - Subject Alternative Name |
| H3-2022-0015 | Web Application Path Traversal Vulnerability |
| H3-2022-0013 | Unauthenticated Access to Jira Projects |
| H3-2022-0012 | Unauthenticated Access to Jira Dashboards |
| H3-2022-0011 | Zoho ManageEngine ADAudit Plus Remote Code Execution Vulnerability |
| H3-2022-0010 | Risky Port Exposed to the Internet |
| H3-2022-0009 | Simple Network Management Protocol (SNMP) Port Exposed to the Internet |
| H3-2022-0008 | File Transfer Protocol (FTP) Port Exposed to the Internet |
| H3-2022-0007 | Telnet Port Exposed to the Internet |
| H3-2022-0006 | Database Port Exposed to the Internet |
| H3-2022-0005 | Secure Socket Shell (SSH) Port Exposed to the Internet |
| H3-2022-0004 | Server Message Block (SMB) Port Exposed to the Internet |
| H3-2022-0003 | Remote Desktop Protocol (RDP) Port Exposed to the Internet |
| H3-2022-0002 | Azure Multi-Factor Authentication Disabled |
| H3-2022-0001 | Web Application Cross Site Scripting Vulnerability |
| H3-2021-0048 | Open Mail Relay |
| H3-2021-0047 | JBoss Application Server HTTP Invoker Remote Code Execution Vulnerability |
| H3-2021-0046 | Credential Dumping - Active Directory Services Database (NTDS) |
| H3-2021-0045 | Credential Dumping - /etc/shadow File |
| H3-2021-0044 | Credential Dumping - Local Security Authority Subsystem Service (LSASS) Memory |
| H3-2021-0043 | Credential Dumping - Local Security Authority (LSA) Secrets |
| H3-2021-0042 | Credential Dumping - Security Account Manager (SAM) Database |
| H3-2021-0041 | Apache Druid Server-Side Request Forgery Vulnerability |
| H3-2021-0040 | AWS Instance Metadata Service v1 Exposed |
| H3-2021-0039 | Unrestricted Sudo Privileges |
| H3-2021-0038 | Kerberoasting |
| H3-2021-0037 | Werkzeug Debug Console Enabled |
| H3-2021-0036 | Unauthenticated Access to Elasticsearch |
| H3-2021-0035 | NBT-NS Poisoning Possible |
| H3-2021-0034 | LLMNR Poisoning Possible |
| H3-2021-0033 | mDNS Poisoning Possible |
| H3-2021-0032 | Credential Reuse |
| H3-2021-0031 | Public Access to Git Repository |
| H3-2021-0030 | SMB Signing Not Required |
| H3-2021-0029 | AWS Unrestricted Assume Role Access |
| H3-2021-0028 | Weak Password Strength Requirements |
| H3-2021-0027 | Weak Account Lockout Threshold |
| H3-2021-0026 | Public Self-Signed Certificate |
| H3-2021-0025 | Expired SSL/TLS Certificate |
| H3-2021-0024 | Dangling DNS Record |
| H3-2021-0023 | Public Access to Azure Blob Storage Container |
| H3-2021-0022 | IPV6 DNS Hijacking Possible Using Mitm6 |
| H3-2021-0021 | Weak or Default Credentials - Web Applications |
| H3-2021-0020 | Weak or Default Credentials - Cracked Credentials |
| H3-2021-0019 | Weak or Default Credentials - Password Spray |
| H3-2021-0018 | Weak or Default Credentials - Postgres |
| H3-2021-0017 | Weak or Default Credentials - MySQL |
| H3-2021-0016 | Weak or Default Credentials - Microsoft SQL Server |
| H3-2021-0015 | Weak or Default Credentials - SNMP |
| H3-2021-0014 | Weak or Default Credentials - SSH |
| H3-2021-0013 | Weak or Default Credentials - Telnet |
| H3-2021-0012 | Weak or Default Credentials - FTP |
| H3-2021-0011 | Kerberos Pre-Authentication Disabled |
| H3-2021-0010 | Unauthenticated Docker Engine API Access |
| H3-2021-0009 | Unauthenticated Docker Registry API Access |
| H3-2021-0008 | Unauthenticated Etcd Access |
| H3-2021-0007 | Kubernetes Service Account Token Exposure |
| H3-2021-0006 | Unauthenticated Kubernetes API Server Access |
| H3-2021-0005 | Unauthenticated Kubelet API Remote Code Execution Vulnerability |
| H3-2021-0004 | Kubernetes Privileged Container Exposure |
| H3-2021-0003 | Unauthenticated Access to Sensitive Kubelet API Endpoints |
| H3-2021-0002 | Subdomain Takeover |
| H3-2021-0001 | Public Access to Amazon S3 Bucket |
| H3-2020-0030 | Android Debug Bridge (ADB) over TCP Enabled |
| H3-2020-0029 | Print Spooler Service on Domain Controller Enabled |
| H3-2020-0028 | FTP Directory Traversal Vulnerability |
| H3-2020-0027 | Vulnerable SSL Weak Ciphers |
| H3-2020-0026 | Vulnerable SSL RC4 Algorithm |
| H3-2020-0025 | Vulnerable SSL Version |
| H3-2020-0024 | Vulnerable SSL Insecure Client Renegotiation |
| H3-2020-0023 | Apache Hadoop YARN ResourceManager Unauthenticated Command Execution |
| H3-2020-0022 | Insecure Java JMX Configuration |
| H3-2020-0021 | Unauthenticated Access to the Jenkins Script Console |
| H3-2020-0020 | Credential Reuse Identified |
| H3-2020-0019 | Outdated Vulnerable Software Versions Detected |
| H3-2020-0018 | Fundamentally Insecure Protocols Detected |
| H3-2020-0017 | IPMI Cipher Zero Vulnerability |
| H3-2020-0016 | Insecure IPMI Implementation |
| H3-2020-0015 | Lack of Network Segmentation/Segregation |
| H3-2020-0014 | Weak or Default Credentials |
| H3-2020-0013 | SMB Relay Attack Possible |
| H3-2020-0012 | LLMNR/NBT-NS Poisoning Possible |
| H3-2020-0011 | Weak NTFS Permissions |
| H3-2020-0010 | NFS UID/GID Manipulation Possible |
| H3-2020-0009 | Weak NFS Export Permissions |
| H3-2020-0008 | Guest Account Enabled |
| H3-2020-0007 | SMB Null Session Allowed |
| H3-2020-0006 | LDAP Null Bind Allowed |
| H3-2020-0005 | Anonymous FTP Enabled |
| H3-2020-0004 | Zone Transfer Allowed to Any Server |
| H3-2020-0003 | Anonymous Access to Printer using PJL or PS |
| H3-2020-0002 | Anonymous Access to ZooKeeper API |
| H3-2020-0001 | Remote Desktop Username Disclosure |