Acunetix 360 On-Demand - v24.8.0

This update includes changes to the internal and cloud agents. The internal scan agent’s current version is 24.8.0.

New Security Checks

  • Added a check for Authentication bypass in Fortra's GoAnywhere MFT (CVE-2024-0204)
  • Added a check for Open SSH server RCE (CVE-2024-6387)
  • Added a check for cached pages that contain sensitive data (CWE-525)
  • Incorporated the reporting of sensitive information disclosures from Okta

Improvements

  • Added more links from the global dashboard widgets to the corresponding sections in the UI
  • Scheduled scans that repeatedly fail with the same result can now be automatically disabled
  • Unlinked API specs from the scan profile automatically unlink on the API Inventory page as well
  • Added the ability to navigate from the API operation vulnerability count in the API Inventory to a filtered list of vulnerabilities on the Issues page
  • Reverted the fix for a problem in the JWT Engine that was intended to resolve a false positive issue

Fixes

  • Fixed an issue that was causing intermittent errors in PCI reports
  • Fixed the ‘Bad Request’ error that was occurring in the vulnerability details of scan reports
  • Fixed an issue where the character 'ñ' was causing errors when updating or adding new users
  • Fixed the issue that was preventing deletion of unused scan policies
  • Fixed the issue where additional website vulnerabilities were being stored as target vulnerabilities
  • Fixed the missing tooltips for source errors on the API Sources page
  • Fixed the issue where the linked target URL was clickable even when the API specification was hidden
  • Resolved an issue that was causing an error when modifying the Settings in Acunetix 360