Acunetix 360 On-Demand 13 Oct 2022

This update includes changes to the internal agents. The internal scan agent's current version is The internal authentication verifier agent's current version is


  • Added auto-GraphQL attack after endpoint is detected.


  • Added MongoDB Time-based (Blind) Injection.
  • Added SQLite Boolean SQL Injection.
  • Added MongoDB Error-based Injection.


  • Improved the Trend Matrix Report exporting to include the severity information as well.
  • Improved the HashiCorp integration to authenticate with user tokens, too.
  • Updated Vulnerability Detection Logic in the JWT engine.
  • Improved the GraphQL scanning to include the separated comment lines in GraphQL files.
  • Improved the Authentication Verifier Agent to work with self-signed SSL.
  • Improved the Azure Pipeline Extension to generate a scan report on the release pipeline.
  • Updated Liferay Portal signature & added a mapping for version conversion.


  • Fixed a bug that corrupts the header authentication credentials after updating the scheduled scan.
  • Fixed the status information showing different data on the Discovered Webpages page.
  • Fixed the Docker Agent build fail because of the compiler package.
  • Fixed the Total Elapsed and Average Time values displaying 00:00:00 on the Scan Performance tab of the Technical Report.
  • Fixed the time values displaying 00:00:00 on the Crawling Performance node of the Technical Report.
  • Fixed the Authentication Verifier Agent’s time zone bug.
  • Fixed the bug that duplicates the login page when users try to revalidate the login form.
  • Fixed the bug on the user interface of ServiceNow Incident Management integration that caused issues with the On Hold status.
  • Fixed the bug on the user interface of ServiceNow Incident Management integration that caused issues with the Closed status.
  • Fixed the Single Sign-on - encryption certification issue.
  • Fixed the web security issue for the origin header problem.
  • Fixed the sitemap bug that caused missing information when imported.
  • Fixed the bug that threw an error, as HTTP Requester deletes the whole body part of the request which contains the login credentials.
  • Fixed highlighting CSP Directives in different header issues.
  • Fixed duplicate bearer tokens for some requests.
  • Fixed an issue that resulted in false positive Cross-site Scripting (DOM-based).
  • Fixed the bug that shows the previous version of VDB.
  • Fixed parseable false attack patterns place.