Acunetix 360 On-Demand - v24.3.1
This update includes changes to the internal agents. The internal scan agent’s current version is 24.3.1. The internal authentication verifier agent’s current version is 24.3.1.
New features
- Added a new encryption method for the API Token used by the Agent/Verifier Agent
- The CVSS 4.0 scores are now available via API
- A new feature that makes the Discovery settings more precise (the ability to include/exclude main level domains) has reached Early Access for selected customers
- The pre-request script can now generate AWS signature tokens to perform authentication
New security checks
- Added a new security check for the "TLS/SSL certificate key size too small" issue
- Added a new security check for CVE-2023-46805 / CVE-2024-21887
- Added a new signature for Stack Trace Disclosures (ASP.Net)
- Added new security checks for Client-Side Prototype Pollution
- Added a new security check that reports two vulnerabilities: TorchServe Management API Publicly Exposed and TorchServe Management API SSRF (CVE-2023-43654)
- Command Injection in VMware Aria Operations for Networks can now be detected
Improvements
- Improved WP Config detection over backup files
- The report template for Possible XSS has been updated to cover MIME sniffing
- The Agent type (Arm or Intel) information is displayed on the Scan Summary page
- The Permissions on the General Settings screen are now grouped by category rather than listed without being categorised
- A feature allowing the enabling or disabling of the JavaScript Parser has been added, facilitating JavaScript parameter discovery within the JavaScript code
- Fixed the issue where the Jenkins plug-in sent requests directly to the default gateway instead of routing them through the proxy
- The Team Administrator role checkbox is in a separate 'Limiting Permissions Role' section
Fixes
- Disabled the BREACH Security Engine
- Increased the default Severity level of Version Disclosure (Varnish) from 'Information' to 'Low'
- Fixed the issue where users were unable to load the Scan Report
- Fixed the issue where Internal Scans were not failing if their Agents were terminated
- Fixed the Azure Boards integration, which was reported to have been suspended by itself
- Fixed the issue where the customer couldn't scan their target with the additional website properly
- Fixed query optimization on the main Scans page, resulting in improved response time and query quality
- The page number in the Custom Script Editor is now correctly displayed
- When the Token is expired, the Azure Boards Integration is disabled
- Fixed concurrency exceptions occurring for the scan and website tables due to excessive update requests sent within a short timeframe
- The Issues counter on the Dashboard now displays the correct number of issues
- Fixed the inability of the custom script editor to load the form authentication fields
- Fixed an issue that occurred when the Team Administrator and Account Owner roles are assigned to the same user