Acunetix 360 On-Premises - v23.12.0

NEW FEATURES

  • Added the ability to pull a PCI Report from the CloneSystem itself by using API endpoints
  • Added the option for customers to define a namespace for their HashiCorp integration
  • Enhanced reporting capabilities with more attributes available in .csv exports and the option to do a .csv export in more places in the UI
  • Added an option under New Scan Policy > Ignored Parameters to allow customers to set 'Cookie' as a type of ignored parameter
  • Added a setting for administrators to enable internal agents to get VDB updates from the WebApp to avoid routing and proxy issues
  • Added the option for administrators to hide sensitive data (passwords, tokens, session IDs, etc.) from the UI
  • Added functionality to the Dashboard so that you can drill down to view more information when clicking on the Severities and Securities Overview section
  • Added an option under General > Settings to require a password for edit access to custom scripts
  • Added an option under General > Settings to set a session timeout limit for all users
  • We now support AWS IAM Roles as an authentication method

NEW SECURITY CHECKS

  • Added new checks for the WordPress Login with Phone Number Plugin: CVE-2023-23492
  • Added new checks for the WordPress JupiterX Core Plugin: CVE-2023-38389, CVE-2023-38388

IMPROVEMENTS

  • Added support for custom authentication tokens without token type
  • Improved LFI attack patterns for better accuracy
  • Fixed some vulnerabilities in the Docker image
  • Stricter sensitive data rules
  • Improved bot detection bypass scenarios
  • Added a warning message when selecting or assigning the Team Administrator role

FIXES

  • Fixed a sensitive data issue when uploading a pre-request script
  • Fixed a bug that was preventing scheduling group scans using API
  • Fixed custom header values in scan profiles so that they are masked
  • Docker Cloud Stack check has been updated to reduce noise
  • SSL/TLS classification updated from CWE-311 to CWE-319
  • Fixed a bug in scheduling group scans with API
  • Removed 401 to 500 status code conversion for internal agent requests
  • Changed the IP range limitation for excluded IPs in Discovery Settings to fix the Invalid IP address error
  • Fixed an issue with scheduled scans not following the scan time window
  • Fixed the problem with scan failed logs not appearing in activity logs
  • Fixed the broken verify login and logout function in scan profiles
  • Updated the vulnerability severity ranking so that issues are correctly sent to integrated issue tracking systems
  • Changed the Active Issue count on the dashboard so that it is consistent with the number when you click on it
  • Fixed an issue with accessing a scan profile
  • Fixed an issue related to having multiple integrations with the same project but with different issue types
  • Fixed an issue in the 'Basic, Digest, NTLM/Kerberos, Negotiate Authentication' settings for scans
  • Fixed the Jira Server integration issue that was causing only some Jira users to display when configuring Jira Field Mappings
  • Fixed an incorrect timezone setting
  • Fixed a bug that was causing URL rewrite rules to not be included in the Export Knowledge Base report
  • Fixed a problem with the internal agent not sending a heartbeat to the web app when in archiving state
  • Fixed an issue with Jira-related integration information being removed from the issue history when a previous scan is deleted
  • Fixed an internal agent issue that was causing an exception when registering a vulnerability
  • Fixed an issue that was causing the Knowledgebase, Crawled URLs, and Scanned URLs to fail when there is no content
  • Fixed the missing mapping for Proxy Bypass On Local that was not saving when a scan policy was saved
  • Fixed a bug that was duplicating roles when a Team Administrator modified another Team Administrator direct role assignment
  • Fixed version information reported in Web App Fingerprint Vulnerabilities