Acunetix 360 On-Premises - v24.5.0

New Features

  • Predictive Risk Scoring – prioritize your web asset discovery results according to their potential risk before you scan them. Learn more in our Introduction to Predictive Risk Scoring and guide to Utilizing Predictive Risk Scoring
  • Enabled Korean language support
  • A new API Token encryption method for Agents/Verifier Agents
  • Added a pre-request script to generate AWS Signature tokens to perform authentication
  • CVSS 4.0 scores are now available via API
  • Added the ability to include/exclude main-level domains in the Discovery settings

New Security Checks

  • Added detection method for Angular
  • Added a new security check for Oracle EBS RCE
  • Added a new security check for TLS/SSL certificate key size too small issue
  • Improved WP Config detection over backup files
  • Added a new security check for authentication bypass and command injection in Ivanti ICS and Ivanti Policy Secure (CVE-2023-46805 and CVE-2024-21887)
  • Added detection for exposed WordPress configuration files
  • Added a new security check that reports two vulnerabilities: TorchServe Management API Publicly Exposed and TorchServe Management API SSRF (CVE-2023-43654)
  • Command Injection in VMware Aria Operations for Networks can now be detected
  • Added a new signature for Stack Trace Disclosures (ASP.Net)
  • Added a new security check for Client-Side Prototype Pollution

Improvements

  • Improved AWS Secret Key ID detection security checks
  • Improved Google Cloud API Key detection security checks
  • Updated remediation information for Angular JS-related vulnerabilities
  • Improved Boolean-based MongoDB Injection detection method
  • Updated all IAST sensors to support Java 17 and 21
  • Added highlighting and verification of response status codes to the BREACH engine
  • Updated the notes section of the [Possible] Cross-Site Scripting issue detail to cover MIME sniffing
  • Increased the default severity level of Version Disclosure (Varnish) from 'Information' to 'Low'
  • Improved WordPress Config detection over backup files
  • The Agent type (Arm or Intel) information is now displayed on the Scan Summary page
  • Permissions on the General Settings screen are now grouped by category rather than listed without being categorized
  • Added an option to enable or disable the JavaScript Parser, facilitating JavaScript parameter discovery within the JavaScript code
  • The Jenkins plugin now routes requests through the proxy
  • The Team Administrator role checkbox is now in a separate Limiting Permissions Role section of the UI

Fixes

  • Adjusted the settings for SSL certificate errors to resolve a scan failure 'target link timeout error'
  • Fixed a bug in the automatic sign out functionality when the session timeout period has expired
  • Resolved an issue with downloading HTTP request logs
  • Fixed a validation error when validating AcuSensor settings
  • Fixed an issue with duplicate custom user agents that was preventing scanning
  • Fixed an issue where authentication would fail when started with an Authentication profile
  • Fixed an issue that caused proxy usage for Chromium even when no proxy was selected from the scan policy settings
  • Fixed a scan authentication issue and a crawling issue with Cloud Agents
  • Fixed the HTTP 401 forbidden response form authentication error
  • Fixed an issue with the detection method for wp-admin vulnerabilities
  • Fixed an error that was occurring when generating knowledge base reports
  • Fixed a scan issue that was producing 413 error responses
  • Fixed a bug in the API Access settings
  • Resolved an issue with custom severity levels that were reverting to their previous level
  • Fixed a bug in the API update command for scan profiles
  • Removed limits on AWS Discovery port filters
  • Technologies identified during failed scans are no longer displayed
  • Fixed a bug in the scan retention period settings that was causing inaccurate information in the Recent Scans list
  • The Last Login Date is now aligned between the UI and the API
  • Fixed an issue with the detection method for wp-admin vulnerabilities
  • Fixed the issue where scan profiles could not be created through automation tools, Postman, or through the Acunetix 360 API Documentation page
  • Fixed the issue with scans that were stuck in ‘Delayed’ or ‘Archiving’ status
  • Fixed an issue that was occurring with the Jira Integration when the Jira URL was set as Localhost
  • Fixed a scan authentication issue and a crawling issue with Cloud Agents
  • Fixed an issue that was occurring when websites were added with both http and https protocols
  • The scan report pdf file name now includes the time and date when it is delivered via the scan completed notification
  • Fixed the 504 error that was appearing when running the Scans_NewWithProfile endpoint
  • Fixed a bug that was preventing retest scans from launching
  • Fixed the HTTP 401 forbidden response form authentication error
  • Fixed a scan issue that was producing 413 error responses
  • Resolved a cookie use on subdomains issue that was causing a scan authentication and crawling issue
  • Fixed an issue that was causing a memory issue in JavaScript Parser
  • Fixed an issue with the custom script editor that was stopping it from loading the form authentication fields
  • Disabled BREACH attack from the default security checks policy
  • Fixed the issue where users were unable to load the Scan Report
  • Fixed the issue where internal scans were not failing if their Agents were terminated
  • Fixed the Azure Boards integration, which was reported to have been suspended by itself
  • Fixed query optimization on the main Scans page, resulting in improved response time and query quality
  • The page number in the Custom Script Editor is now correctly displayed
  • When the personal access token has expired, the Azure Boards Integration is now disabled
  • Fixed concurrency exceptions occurring for the scan and website tables due to excessive update requests sent within a short timeframe
  • The issues counter on the Dashboard now displays the correct number of issues
  • Fixed an issue when Team Administrator and Account Owner roles are assigned to the same user