EASM Lightweight Scan
EASM lightweight scan enables you to quickly detect vulnerabilities in your external assets using Qualys's latest industry-leading vulnerability scanner. This scan is automatically triggered 24 hours after EASM Discovery is completed.
IPs and Assets Excluded from EASM Lightweight Scan
The following types of IPs are excluded:
- All IPv6 addresses
- All Private IP address (RFC 1918)
- Reserved IP ranges:
- 0.0.0.0 – 0.255.255.255
- 127.0.0.0 - 127.255.255.255
- 224.0.0.0 - 239.255.255.255
- 255.0.0.0 - 255.255.255.255
- IPs added in the VM module without a VM scan: If you have added IPs in the VM module but have not performed a VM scan on them, they will not be included in the EASM lightweight scan.
If you want to include these IPs, delete them from the CSAM > Configuration > Settings tab or from the VMDR > Address Management tab.
CDN Assets
By default, CDN assets are not included in the EASM lightweight scan. To include CDN assets in the EASM lightweight scan, uncheck the Exclude CDN Assets checkbox in the EASM configuration profile.
For more information on configuring the EASM profile, refer to How to Configure the EASM Profile.
Note: You can find the details of external scanners by navigating to VMDR > Help > About > External Scanners. For more information, refer to External Scanner IPs section in the VMDR online help.
Vulnerabilities Detected by EASM Lightweight Scan
The vulnerabilities detected by the lightweight scan are categorized into three option profiles. Click on each profile to learn more.
- Certificate-based vulnerabilities
- CISA Known Exploited vulnerabilities
- Vulnerabilities detected by remote scans
Certificate-based Vulnerabilities
This profile includes vulnerabilities related to certificate information exposure and misconfiguration. The EASM lightweight scan is performed daily for this profile using the following TCP ports: 25, 465, 587, 110, 143, 443, 636, 989, 990, and 3389.
| QID | Title |
|---|---|
| 38116 | SSL Server Information Retrieval |
| 38139 | SSL Server Has SSLv2 Enabled Vulnerability |
| 38142 | SSL Server Allows Anonymous Authentication Vulnerability |
| 38167 | SSL Certificate - Expired |
| 38168 | SSL Certificate - Future Start Date |
| 38169 | SSL Certificate - Self-Signed Certificate |
| 38170 | SSL Certificate - Subject Common Name Does Not Match Server FQDN |
| 38171 | SSL Certificate - Server Public Key Too Small |
| 38172 | SSL Certificate - Improper Usage Vulnerability |
| 38173 | SSL Certificate - Signature Verification Failed Vulnerability |
| 38174 | SSL Certificate - Will Expire Soon |
| 38182 | Webmin Static SSL Key Vulnerability |
| 38224 | OpenSSL ASN.1 Parsing Vulnerabilities |
| 38356 | OpenSSL RSA Timing Attack Vulnerability |
| 38477 | SSL Insecure Protocol Negotiation Weakness |
| 38596 | TLS Protocol Session Renegotiation Security Vulnerability |
| 38597 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Invalid Protocol Version Tolerance |
| 38598 | Deprecated Public Key Length |
| 38599 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Compression Algorithm Information Leakage Vulnerability |
| 38600 | SSL Certificate will expire within next six months |
| 38601 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Use of Weak Cipher Rivest Cipher 4 (RC4/ARC4/ARCFOUR) |
| 38602 | OpenSSL Multiple Remote Security Vulnerabilities |
| 38603 | SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE) |
| 38604 | TLS CBC Incorrect Padding Abuse Vulnerability |
| 38605 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server Factoring RSA_EXPORT Keys Vulnerability (FREAK) |
| 38607 | SSL Server Diffie-Hellman passive listening attack Vulnerability |
| 38608 | SSL Server Diffie-Hellman Weak Encryption Vulnerability (Logjam) |
| 38609 | SSL Server default Diffie-Hellman prime information |
| 38610 | SSL/TLS Server supports TLS_FALLBACK_SCSV |
| 38626 | OpenSSL oracle padding vulnerability (CVE-2016-2107) |
| 38659 | F5 BIG-IP TLS Vulnerability (Ticketbleed) |
| 38695 | TLS ROBOT Vulnerability Detected |
| 38704 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Key Exchange Methods |
| 38706 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Protocol Properties |
| 38764 | TLS Padding Oracle Vulnerability (Zombie POODLE and GOLDENDOODLE) |
| 42007 | Debian OpenSSL Package Random Number Generator Weakness |
| 42012 | X.509 Certificate MD5 Signature Collision Vulnerability |
| 42350 | TLS Secure Renegotiation Extension Support Information |
| 42366 | SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST) |
| 42430 | OpenSSL Memory Leak Vulnerability (Heartbleed Bug) |
| 45039 | Host Names Found |
| 45218 | Authenticated Certificate Retrieval - Information |
| 45231 | Trusted Digital Certificates Enumerated From Windows Registry |
| 48143 | Qualys Correlation ID Detected |
| 86000 | Web Server Version |
| 86002 | SSL Certificate - Information |
| 86137 | HTTP Strict Transport Security (HSTS) Support Detected |
| 105737 | EOL/Obsolete Hardware: Cisco Application Control Engine (ACE) 30/4710 Secure Sockets Layer (SSL) Software Development Kit (SDK) Bleichenbacher Attack Information Disclosure Vulnerability (ROBOT) |
| 120604 | Oracle Java SE Critical Patch Update - October 2012 (ROBOT) |
| 316174 | Cisco ASA Bleichenbacher attack on TLS Information Disclosure Vulnerability (ROBOT) |
| 370661 | F5 BIG-IP OpenSSL Man in the Middle Vulnerability (K21905460) (ROBOT) |
| 370683 | Citrix NetScaler ADC and Gateway TLS Padding Oracle Vulnerability (CTX230238) (ROBOT) |
CISA Known Exploited Vulnerabilities
This profile includes vulnerabilities listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. The EASM lightweight scan is performed daily for this profile.
| TCP | UDP |
|---|---|
| 11 | 7 |
| 13 | 13 |
| 15 | 17 |
| 17 | 19 |
| 19-23 | 37 |
| 25 | 53 |
| 37 | 67-69 |
| 42 | 111 |
| 53 | 123 |
| 66 | 135 |
| 69-70 | 137 |
| 79-81 | 161 |
| 88 | 177 |
| 98 | 407 |
| 109-111 | 464 |
| 113 | 500 |
| 118-119 | 517-518 |
| 123 | 520 |
| 135 | 1434 |
| 139 | 1645 |
| 143 | 1701 |
| 220 | 1812 |
| 256-259 | 2049 |
| 264 | 3527 |
| 371 | 4569 |
| 389 | 4665 |
| 411 | 5036 |
| 443 | 5060 |
| 445 | 5632 |
| 464-465 | 6502 |
| 512-515 | 7778 |
| 523-524 | 15345 |
| 540 | |
| 548 | |
| 554 | |
| 563 | |
| 580 | |
| 593 | |
| 636 | |
| 749-751 | |
| 873 | |
| 900-901 | |
| 990 | |
| 992-993 | |
| 995 | |
| 1080 | |
| 1114 | |
| 1214 | |
| 1234 | |
| 1352 | |
| 1433 | |
| 1494 | |
| 1508 | |
| 1521 | |
| 1720 | |
| 1723 | |
| 1755 | |
| 1801 | |
| 2000-2001 | |
| 2003 | |
| 2049 | |
| 2301 | |
| 2401 | |
| 2447 | |
| 2690 | |
| 2766 | |
| 3128 | |
| 3268-3269 | |
| 3306 | |
| 3372 | |
| 3389 | |
| 4100 | |
| 4443-4444 | |
| 4661-4662 | |
| 5000 | |
| 5432 | |
| 5555-5556 | |
| 5631-5632 | |
| 5634 | |
| 5800-5802 | |
| 5900-5901 | |
| 6000 | |
| 6112 | |
| 6346 | |
| 6387 | |
| 6666-6667 | |
| 6699 | |
| 7007 | |
| 7100 | |
| 7161 | |
| 7777-7778 | |
| 8000-8001 | |
| 8010 | |
| 8080-8081 | |
| 8100 | |
| 8888 | |
| 8910 | |
| 9100 | |
| 10000 | |
| 12345-12346 | |
| 20034 | |
| 21554 | |
| 32000 | |
| 32768-32790 |
| QID | Title |
|---|---|
| 10075 | Drupal Core Security Update (SA-CORE-2021-001) |
| 10369 | SonicWall Secure Mobile Access 100 series Unspecified Vulnerability (SNWLID-2021-0001) |
| 11492 | JBoss Seam Parameterized EL Expressions Remote Code Execution Vulnerability |
| 11515 | SolarWinds Orion API Authentication Bypass Vulnerability (Solorigate/SUPERNOVA) (Unauthenticated check) |
| 11571 | Ruby on Rails Multiple Security Vulnerabilities |
| 11699 | VMware vCenter Server Remote Code Execution Vulnerability (VMSA-2021-0002) |
| 11759 | Netgear Multiple Routers Password Disclosure Vulnerability |
| 11760 | NETGEAR WNR2000 Remote Code Execution Vulnerability |
| 11844 | Apache Struts Showcase App Remote Code Execution Vulnerability (S2-048) |
| 11850 | Citrix NetScaler SD-WAN and CloudBridge Virtual WAN Management Interface Remote Code Execution Vulnerability |
| 11856 | Symantec Messaging Gateway Multiple Vulnerabilities (SYM17-006) |
| 11889 | TripWire Enterprise Console Prior to version 8.6.0 Multiple Vulnerabilities. |
| 11894 | GoAhead LD_PRELOAD Remote Code Execution Vulnerability |
| 11930 | JBoss 5.x/6.x Java Deserialization Vulnerability (CVE-2017-12149) |
| 11942 | Drupal Core Remote Code Execution Vulnerability (SA-CORE-2018-002) |
| 11964 | Drupal Core Remote Code Execution Vulnerability (SA-CORE-2018-004) |
| 11985 | Dasan GPON Home Routers Remote Code Execution Vulnerability |
| 11998 | Cisco RV132W and RV134W Multiple Security Vulnerabilities |
| 12343 | Adobe Multiple Products XML and XML External Entity Injection Vulnerabilities (APSB10-05) |
| 12399 | Adobe Security Hotfix for ColdFusion (APSB10-18) |
| 12483 | Red Hat JBoss EJBInvokerServlet is Accessible to Unauthenticated Remote Users |
| 12542 | Apache Struts2 Multiple Vulnerabilities (S2-008) |
| 12549 | PHP-CGI Query String Parameter Vulnerability |
| 12707 | Apache Struts Multiple Remote Code Execution Vulnerabilities (S2-016,S2-017) |
| 12770 | phpMyAdmin Multiple Vulnerabilities (PMASA-2009-2,PMASA-2009-3) |
| 12834 | SAP NetWeaver Portal ConfigServlet Remote Command Execution Vulnerability (1445998) |
| 12836 | Oracle Forms and Reports Two Vulnerabilities |
| 12930 | Splunk OpenSSL Multiple Vulnerabilities (Heartbleed Bug) |
| 12937 | Apache Archiva Cross-Site scripting and Command Execution Vulnerability |
| 12955 | Elasticsearch Insure Configuration Remote Code Execution |
| 13015 | Parallels Plesk Panel Remote Code Execution Vulnerability |
| 13023 | HTTP File Server "ParserLib.pas" Remote Command Execution Vulnerability |
| 13038 | Bash Command Injection/Remote Code Execution Vulnerability (Remote Detection) (ShellShock) |
| 13081 | HP Smart Update Manager (SUM) Information Disclosure Vulnerability (Heartbleed Bug) |
| 13110 | ElasticSearch Groovy Script Engine Remote Code Execution Vulnerability |
| 13144 | Progress Telerik UI Cryptographic Security Bypass Vulnerability |
| 13147 | MikroTik RouterOS Stack-based Buffer Overflow Vulnerability |
| 13151 | Quest KACE System Management Appliance Multiple Vulnerabilities |
| 13152 | Netgear Multiple Versions Command Injection Vulnerability |
| 13168 | NETGEAR DGN2200v1-'Multiple Vulnerabilities |
| 13182 | VMware NSX SD-WAN Edge by VeloCloud Multiple Remote Command Execution Vulnerabilities |
| 13231 | MikroTik RouterOS Privilege Escalation Vulnerability |
| 13279 | Primetek PrimeFaces Expression Language Remote Code Execution Vulnerability |
| 13303 | Apache ActiveMQ Fileserver Arbitrary Code Execution Vulnerability |
| 13314 | Drupal Core Remote Code Execution Vulnerability (SA-CORE-2020-012) |
| 13378 | ThinkPHP Remote Code Execution Vulnerability |
| 13405 | Cisco Small Business RV320 and RV325 Router Multiple Security Vulnerabilities |
| 13419 | Nexus Repository Manager3 Remote Code Execution Vulnerablility |
| 13420 | Drupal Remote Code Execution (SA-CORE-2019-003) |
| 13438 | ThinkPHP noneCms call_user_func Remote Code Execution Vulnerability |
| 13459 | Atlassian Confluence Server Remote Code Execution Vulnerability (CONFSERVER-57974) |
| 13469 | WordPress Social-Warfare Plugin Stored Cross-Site Scripting Vulnerability |
| 13484 | Crestron AM-100 and AM-101 Multiple Vulnerabilities |
| 13506 | SaltStack Salt Shell Injection Remote Code Execution Vulnerability |
| 13524 | Jira Server Template Injection Vulnerability (JIRA Security Advisory 2019-07-10) |
| 13543 | Apache Solr Remote Code Execution Vulnerability |
| 13548 | Webmin Remote Code Execution Vulnerability |
| 13560 | Citrix SD-WAN Center Multiple Security Vulnerabilities |
| 13578 | vBulletin routestring Remote Code Execution Vulnerability |
| 13580 | Webmin XXE Vulnerability authenticated Remote Code Execution |
| 13600 | Apache Solr Remote Code Execution Vulnerability |
| 13686 | PHPUnit Remote Code Execution Vulnerability |
| 13702 | LifeRay Multiple Remote Code Execution Vulnerability |
| 13706 | Grandstream UCM62XX Multiple Vulnerabilities |
| 13712 | Sonatype Nexus Repository Manager Multiple Vulnerabilities |
| 13730 | Draytek Command Injection Vulnerability |
| 13767 | QNAP QTS and Photo Station Multiple Security Vulnerabilities |
| 13769 | Sophos XG Firewall SQL injection Vulnerability |
| 13798 | VMware Spring Cloud Config Directory Traversal Vulnerability |
| 13824 | Drupal Core Arbitrary PHP Code Execution Vulnerability (SACORE-2020-013) |
| 13833 | Citrix ADC And Citrix Gateway Multiple Security Vulnerability (CTX276688) (unauthenticated check) |
| 13849 | SAP NetWeaver Application Server JAVA (LM Configuration Wizard) Multiple Vulnerabilities (2934135) |
| 13937 | vBulletin Remote Code Execution Vulnerability |
| 13966 | Wordpress File Manager Plugin Remote Code Execution Vulnerability |
| 13995 | SonicWall SONICOS Stack-Based Buffer Overflow Vulnerability (SNWLID-2020-0010) |
| 13998 | MobileIron Enterprise MDM servers Multiple Vulnerabilities |
| 14012 | Sitecore Experience Platform Deserialization of Untrusted Data Vulnerability |
| 38503 | HP OpenView Network Node Manager Remote Command Execution Vulnerability |
| 38789 | Multiple HP Printers Treck Network Stack Potential Vulnerabilities (Ripple20) |
| 38791 | F5 BIG-IP ASM,LTM,APM TMUI Remote Code Execution Vulnerability (K52145254) (unauthenticated check) |
| 38792 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability |
| 38833 | F5 BIG-IP ASM,LTM,APM Multiple vulnerabilities (K02566623) (unauthenticated check) |
| 38856 | Cisco TelePresence Video Communication Server (VCS) Apache Hypertext Transfer Protocol Server (HTTP Server) Vulnerability (cisco-sa-apache-httpd-2.4.49-VWL69sWQ) |
| 42430 | OpenSSL Memory Leak Vulnerability (Heartbleed Bug) |
| 42440 | Juniper Junos Space Multiple Vulnerabilities (JSA10627) |
| 43565 | Realtek SDK Command Injection Remote Code Execution Vulnerability |
| 44051 | FortiOS Path Traversal Vulnerability (FG-IR-22-369) (Unauthenticated Check) |
| 44054 | Fortigate FortiOS Arbitrary File Download Vulnerability (FG-IR-21-201) (Unauthenticated Check) |
| 50089 | Exim b64decode Remote Code Execution Vulnerability |
| 50108 | Microsoft Exchange Server Remote Code Execution Vulnerability (unauthenticated check) (ProxyLogon) |
| 50114 | Microsoft Exchange Server Multiple Vulnerabilities (ProxyShell) (unauthenticated) |
| 53012 | Exim Mail Server Multiple Vulnerabilities |
| 86573 | Apache Tomcat Multiple Vulnerabilities |
| 86882 | Red Hat JBoss Application Server Web Console and JMX Management Console Authentication Bypass Vulnerability |
| 87122 | HP System Management Homepage Multiple Vulnerabilities (HPSBMU02786) |
| 87304 | Apache Tomcat Information Disclosure and Remote Code Execution Vulnerability |
| 87308 | Apache Tomcat Multiple Vulnerabilities |
| 87400 | PHP 7 Remote Code Execution Vulnerability |
| 87412 | Cisco DCNM File Information Disclosure Vulnerability(cisco-sa-20150401-dcnm) |
| 87413 | Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check) |
| 150371 | Atlassian Jira Server and Data Center Arbitrary File Read (CVE-2021-26086) |
| 150832 | Adobe ColdFusion Arbitrary File Read Vulnerability (CVE-2024-20767) |
| 151051 | jQuery Cross-Site Scripting (XSS) Vulnerability (CVE-2020-11023) |
| 152010 | GeoServer Remote Code Execution (RCE) Vulnerability (CVE-2024-36401) |
| 152033 | ServiceNow Template Injection Vulnerability (CVE-2024-4879) |
| 152034 | ServiceNow Input Validation Vulnerability (CVE-2024-5217) |
| 152072 | Apache OFBiz Incorrect Authorization Vulnerability (CVE-2024-38856) |
| 152104 | Adobe Magento XML External Entity (XXE) Vulnerability (CVE-2024-34102) |
| 152160 | SolarWinds Web Help Desk Java Deserialization Remote Code Execution (RCE) Vulnerability (CVE-2024-28986) |
| 152161 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987) |
| 152178 | Apache OFBiz Forced Browsing Vulnerability (CVE-2024-45195) |
| 152229 | Ivanti Endpoint Manager (EPM) Remote Code Execution via SQL Injection Vulnerability (CVE-2024-29824) |
| 152257 | Ivanti Virtual Traffic Manager (vTM) Authentication Bypass Vulnerability (CVE-2024-7593) |
| 152292 | Palo Alto Networks Expedition Admin Account Takeover Vulnerability (CVE-2024-5910) |
| 152293 | Palo Alto Networks Expedition OS Command Injection Vulnerability (CVE-2024-9463) |
| 152295 | Palo Alto Networks Expedition SQL Injection Vulnerability (CVE-2024-9465) |
| 152304 | Zimbra Remote Code Execution (RCE) Vulnerability (CVE-2024-45519) |
| 152320 | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability (CVE-2024-37383) |
| 152345 | CyberPanel Remote Code Execution (RCE) Vulnerability (CVE-2024-51567) |
| 152367 | Ivanti CSA Path Traversal Vulnerability (CVE-2024-8963) |
| 152391 | Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability (CVE-2024-9379) |
| 152392 | Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability (CVE-2024-9380) |
| 152400 | CyberPanel Remote Code Execution (RCE) Vulnerability (CVE-2024-51378) |
| 152435 | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2024-0012) |
| 152453 | Metabase Local File Inclusion (LFI) Vulnerability (CVE-2021-41277) |
| 152462 | ProjectSend Improper Authorization Vulnerability (CVE-2024-11680) |
| 152502 | Mitel MiCollab Authentication Bypass Vulnerability (CVE-2024-41713) |
| 152529 | Cleo Products Remote Code Execution (RCE) Vulnerability (CVE-2024-50623) |
| 152530 | Cleo Products Remote Code Execution (RCE) Vulnerability (CVE-2024-55956) |
| 152571 | IBM Aspera Faspex Code Execution Vulnerability (CVE-2022-47986) |
| 152592 | Aviatrix Network Controller Command Injection Vulnerability (CVE-2024-50603) |
| 152593 | Ivanti Connect Secure (ICS) Stack-based Buffer Overflow Vulnerability (CVE-2025-0282) |
| 152595 | Ivanti Policy Secure (IPS) Stack-based Buffer Overflow Vulnerability (CVE-2025-0282) |
| 152622 | Apache APISIX Remote Code Execution Vulnerability (CVE-2022-24112) |
| 152625 | Fortinet FortiOS Authorization Bypass Vulnerability (CVE-2024-55591) |
| 152626 | Ivanti Endpoint Manager (EPM) Path Traversal Vulnerabilities (CVE-2024-10811,CVE-2024-13159,CVE-2024-13160,CVE-2024-13161) |
| 152651 | FortiClientEMS SQL injection Vulnerability (CVE-2023-48788) |
| 152661 | SimpleHelp Remote Support Software Path Traversal Vulnerability (CVE-2024-57727) |
| 152751 | Fortinet FortiOS Authentication Bypass Vulnerability (CVE-2025-24472) |
| 152766 | Trimble Cityworks Insecure Deserialization Vulnerability (CVE-2025-0994) |
| 152775 | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108) |
| 152779 | Apache OFBiz Forced Browsing Vulnerability (CVE-2024-45195) |
| 152783 | Craft CMS Remote Code Execution (RCE) Vulnerability (CVE-2025-23209) |
| 152801 | NAKIVO Backup and Replication Arbitrary File Read Vulnerability (CVE-2024-48248) |
| 152803 | Adobe ColdFusion AMF Deserialization Vulnerability (CVE-2017-3066) |
| 152821 | Apache Tomcat Remote Code Execution (RCE) Vulnerability (CVE-2025-24813) |
| 152859 | GitLab CE/EE Account Takeover Vulnerability (CVE-2023-7028) |
| 152900 | CrushFTP Authentication Bypass Vulnerability (CVE-2025-31161) |
| 152911 | Zimbra Cross-Site Scripting (XSS) Vulnerability (CVE-2023-34192) |
| 152917 | Ivanti Connect Secure (ICS) Stack-based Buffer Overflow Vulnerability (CVE-2025-22457) |
| 152918 | Ivanti Policy Secure (IPS) Stack-based Buffer Overflow Vulnerability (CVE-2025-22457) |
| 152955 | Fortinet FortiOS Out-of-bound Write Vulnerability (CVE-2024-21762) |
| 152956 | Fortinet FortiOS Heap Buffer Overflow Vulnerability (CVE-2023-27997) |
| 152957 | Fortinet FortiOS Heap Buffer Overflow Vulnerability (CVE-2022-42475) |
| 152779 | Apache OFBiz Forced Browsing Vulnerability (CVE-2024-45195) |
| 152783 | Craft CMS Remote Code Execution (RCE) Vulnerability (CVE-2025-23209) |
| 152801 | NAKIVO Backup and Replication Arbitrary File Read Vulnerability (CVE-2024-48248) |
| 152803 | Adobe ColdFusion AMF Deserialization Vulnerability (CVE-2017-3066) |
| 152821 | Apache Tomcat Remote Code Execution (RCE) Vulnerability (CVE-2025-24813) |
| 152859 | GitLab CE/EE Account Takeover Vulnerability (CVE-2023-7028) |
| 152900 | CrushFTP Authentication Bypass Vulnerability (CVE-2025-31161) |
| 152911 | Zimbra Cross-Site Scripting (XSS) Vulnerability (CVE-2023-34192) |
| 152917 | Ivanti Connect Secure (ICS) Stack-based Buffer Overflow Vulnerability (CVE-2025-22457) |
| 152918 | Ivanti Policy Secure (IPS) Stack-based Buffer Overflow Vulnerability (CVE-2025-22457) |
| 152955 | Fortinet FortiOS Out-of-bound Write Vulnerability (CVE-2024-21762) |
| 152956 | Fortinet FortiOS Heap Buffer Overflow Vulnerability (CVE-2023-27997) |
| 152957 | Fortinet FortiOS Heap Buffer Overflow Vulnerability (CVE-2022-42475) |
| 20192 | Oracle Database 12.2.0.1 Critical Patch Update - October 2020 (Unauthenticated) |
| 20194 | Oracle Database 12.1.0.2 Critical Patch Update - October 2020 (Unauthenticated) |
| 20196 | Oracle Database 11.2.0.4 Critical Patch Update - October 2020 (Unauthenticated) |
| 20218 | Oracle Database 12.2.0.1 Critical Patch Update - April 2021 (Unauthenticated) |
| 20220 | Oracle Database 12.1.0.2 Critical Patch Update - April 2021 (Unauthenticated) |
| 216334 | VMware vCenter Server Multiple Security Vulnerabilities (VMSA-2024-0019) |
| 216335 | VMware ESXi 7.0 Multiple Security Vulnerabilities (VMSA-2025-0004) |
| 216336 | VMware ESXi 8.0 Multiple Security Vulnerabilities (VMSA-2025-0004) |
| 216337 | VMware ESXi 6.7 Multiple Security Vulnerabilities (vmware-esxi-67-patch-release) |
| 591049 | Reolink RLC-410W device network settings OS command injection Multiple Vulnerabilities (TALOS-2021-1424) |
| 591445 | Siemens RUGGEDCOM APE1808 Multiple Vulnerabilities V1.0 (SSA-354569) (ICSA-24-338-02) |
| 591477 | Edimax IC-7100 IP Camera OS Command Injection Vulnerability (ICSA-25-063-08) |
| 591495 | Siemens RUGGEDCOM APE1808 before V11.0.1 Multiple Vulnerabilities V1.2 (SSA-822518) (ICSA-24-102-03) |
| 730154 | Atlassian Jira Server and Data Center Path traversal Vulnerability (JRASERVER-72695) |
| 730322 | Metabase Local File Inclusion (LFI) Vulnerability |
| 730764 | Cisco Small Business RV (016|042|42G|082|320|325) Routers Remote Command Execution Vulnerability (cisco-sa-sbr042-multi-vuln-ej76Pke5) |
| 731238 | Ruckus Wireless Multiple Security Vulnerabilities |
| 731285 | Progress Kemp LoadMaster Unauthenticated Command Injection Vulnerability |
| 731717 | SolarWinds Web Help Desk Broken Access Control Vulnerability |
| 731721 | Dahua IP Camera Authentication Bypass Vulnerability |
| 731723 | SonicWall SONICOS Improper Access Control Vulnerability (SNWLID-2024-0015) |
| 731741 | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (Intrusive Check) |
| 731742 | Draytek VigorConnect Multiple Vulnerabilities |
| 731745 | Apache OFBiz Multiple Vulnerabilities (OFBIZ-13130,OFBIZ-13132) |
| 731817 | D-Link DIR820 Command Injection Vulnerability |
| 731819 | DrayTek Vigor Remote Code Execution (RCE) Vulnerability (Intrusive Check) |
| 731836 | Palo Alto Networks Expedition Multiple Vulnerabilities (Unauthenticated Check) |
| 731853 | SonicWall Secure Remote Access SQL Injection Vulnerability |
| 731868 | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability |
| 731872 | CyberPanel Remote Code Execution (RCE) Vulnerability |
| 731882 | PTZOptics PT30X-SDI/NDI-xx Multiple Security Vulnerabilities |
| 731885 | Ivanti Cloud Services Appliance Command Injection Vulnerability (Unauthenticated Check) |
| 731895 | Schneider Electric U.Motion Builder Remote Code Execution (RCE) Vulnerability (SEVD-2019-071-02) |
| 731919 | Palo Alto Networks (PAN-OS) Authentication Bypass Vulnerability (Unauthenticated Check) |
| 731920 | Palo Alto Networks (PAN-OS) Privilege Escalation Vulnerability (Intrusive Check) |
| 731962 | ProjectSend Improper Authorization Vulnerability (Intrusive Check) |
| 731964 | Zyxel Firewall Directory Traversal Vulnerability |
| 731973 | North Grid Proself Extensible Markup Language (XML) Vulnerability |
| 731976 | Mitel MiCollab Authentication Bypass Vulnerability (MISA-2024-0029) |
| 732081 | Cleo Remote Code Execution (RCE) Vulnerability |
| 732128 | BeyondTrust Remote Support Command Injection Vulnerability |
| 732134 | Acclaim Systems USAHERDS Hard-Coded Credentials Vulnerability |
| 732142 | D-Link Router Command Injection Vulnerability (SAP10282) |
| 732163 | SonicOS Multiple Security Vulnerabilities (SNWLID-2025-0003) |
| 732166 | Ivanti Connect Secure Multiple Vulnerabilities |
| 732167 | Ivanti Policy Secure Multiple Vulnerabilities |
| 732171 | Aviatrix Network Controller Command Injection Vulnerability |
| 732174 | Oracle Agile Product Lifecycle Management (PLM) Remote Code Execution (RCE) Vulnerability |
| 732189 | SimpleHelp Multiple Security Vulnerabilities |
| 732228 | Trimble Cityworks Insecure Deserialization Vulnerability |
| 732234 | Ivanti Connect Secure Multiple Vulnerabilities |
| 732239 | Palo Alto Networks (PAN-OS) Authentication Bypass in the Management Web Interface Vulnerability (PAN-273971) (Unauthenticated Check) |
| 732244 | BeyondTrust Privileged Remote Access Command Injection Vulnerability |
| 732245 | Zyxel Router Multiple Security Vulnerabilities |
| 732247 | Sophos XG Firewall Buffer Overflow and Remote Code Execution (RCE) Vulnerability |
| 732251 | WSO2 API Manager Remote Code Execution (RCE) Vulnerability (WSO2-2021-1738) |
| 732253 | SonicWall SonicOS Authentication Bypass Vulnerability |
| 732291 | Mitel SIP Phone Command Injection Vulnerability (Mitel Product Security Advisory 24-0019) (Intrusive Check) |
| 732292 | Reolink Cameras Remote Code Execution (RCE) Vulnerability |
| 732293 | Sophos CyberoamOS SQL Injection Vulnerability (CVE-2020-29574) |
| 732303 | Hitachi Pentaho Business Analytics Server Multiple Vulnerabilities |
| 732305 | Nakivo Backup and Replication Arbitrary File Read Vulnerability (CVE-2024-48248) |
| 732306 | NUUO NVRmini 2 Remote Code Execution (RCE) Vulnerability |
| 732312 | NUUO NVRmini Remote Code Execution (RCE) Vulnerability |
| 732316 | WatchGuard Firebox Management Remote Code Execution (RCE) Vulnerability |
| 732342 | Apache Tomcat Path Equivalence Remote Code Execution (RCE) Vulnerability (Intrusive Check) |
| 732348 | Atlassian Crowd Data Center and Server Multiple Denial of Service (DoS) Vulnerabilities (CWD-6341, CWD-6342) |
| 732359 | Edimax IC-7100 IP Camera OS Command Injection Vulnerability |
| 732384 | WatchGuard Firebox Management Privilege Escalation Vulnerability |
| 732389 | Sitecore Experience Platform Insecure Deserialization Vulnerability |
| 732390 | Sitecore Experience Platform Insecure Deserialization Vulnerability |
| 732399 | CrushFTP Authentication Bypass Vulnerability (Unauthenticated Check) |
| 732410 | Ivanti Policy Secure Remote Code Execution (RCE) Vulnerability |
| 732427 | Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus Remote Code Execution (RCE) Vulnerability |
| 78060 | Array Networks ArrayOS AG/vxAG Remote Code Execution (RCE) Vulnerability |
| 87461 | SAP NetWeaver AS Java Directory Traversal Vulnerability (2486657) |
Vulnerabilities detected by remote scans
This profile includes all the vulnerabilities that are remotely scanned. The EASM lightweight scan is performed every three days for this profile.
| TCP | UDP |
|---|---|
| 11 | 7 |
| 13 | 13 |
| 15 | 17 |
| 17 | 19 |
| 19-23 | 37 |
| 25 | 53 |
| 37 | 67-69 |
| 42 | 111 |
| 53 | 123 |
| 66 | 135 |
| 69-70 | 137 |
| 79-81 | 161 |
| 88 | 177 |
| 98 | 407 |
| 109-111 | 464 |
| 113 | 500 |
| 118-119 | 517-518 |
| 123 | 520 |
| 135 | 1434 |
| 139 | 1645 |
| 143 | 1701 |
| 220 | 1812 |
| 256-259 | 2049 |
| 264 | 3527 |
| 371 | 4569 |
| 389 | 4665 |
| 411 | 5036 |
| 443 | 5060 |
| 445 | 5632 |
| 464-465 | 6502 |
| 512-515 | 7778 |
| 523-524 | 15345 |
| 540 | |
| 548 | |
| 554 | |
| 563 | |
| 580 | |
| 593 | |
| 636 | |
| 749-751 | |
| 873 | |
| 900-901 | |
| 990 | |
| 992-993 | |
| 995 | |
| 1080 | |
| 1114 | |
| 1214 | |
| 1234 | |
| 1352 | |
| 1433 | |
| 1494 | |
| 1508 | |
| 1521 | |
| 1720 | |
| 1723 | |
| 1755 | |
| 1801 | |
| 2000-2001 | |
| 2003 | |
| 2049 | |
| 2301 | |
| 2401 | |
| 2447 | |
| 2690 | |
| 2766 | |
| 3128 | |
| 3268-3269 | |
| 3306 | |
| 3372 | |
| 3389 | |
| 4100 | |
| 4443-4444 | |
| 4661-4662 | |
| 5000 | |
| 5432 | |
| 5555-5556 | |
| 5631-5632 | |
| 5634 | |
| 5800-5802 | |
| 5900-5901 | |
| 6000 | |
| 6112 | |
| 6346 | |
| 6387 | |
| 6666-6667 | |
| 6699 | |
| 7007 | |
| 7100 | |
| 7161 | |
| 7777-7778 | |
| 8000-8001 | |
| 8010 | |
| 8080-8081 | |
| 8100 | |
| 8888 | |
| 8910 | |
| 9100 | |
| 10000 | |
| 12345-12346 | |
| 20034 | |
| 21554 | |
| 32000 | |
| 32768-32790 |
To view the list of remote scan QIDs, follow these steps:
1. Navigate to the VM/VMDR module > Scans > Search Lists.
2. Select a search list and click Info from the Quick Actions menu to view the Vulnerability Search List Information window.
4. Click the QIDs tab to view the list of QIDs that can be detected by the remote scan.
When the EASM lightweight scan is completed, you can view the vulnerability details under EASM > Vulnerabilities tab.
Related Topics
Learn more about Option Profiles