Acunetix Standard & Premium

New features

• Added the ability to link an API definition URL for adding paths to a target before scanning. Read more about how to add paths to targets and how this helps scanning.

New security checks

• XWiki Platform RCE (CVE-2023-37462)
• Dolibarr DB Theft (CVE-2023-33568)
• ChatGPT-Next-Web SSRF (CVE-2023-49785)
• OpenMetadata Auth Bypass (CVE-2024-28255)
• Progress Kemp LoadMaster RCE (CVE-2024-1212)
• Coldfusion Arbitrary File Read (CVE-2024-20767)

Improvements

• Fixed the password reset tool for Windows for Acunetix On-Premises
• .NET Core IAST Sensor: Removed dependency on NLog
• Various improvements in Deepscan, lessening the time to process pages / SPAs
• Deepscan updated to not interact with Google Maps
• Updated detection for monitoring systems
• Updated detection of web installers

Fixes

• Correct warning is now displayed when attempting to add more than permitted target variations
• Addressed several usability and design issues across application settings
• Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
• Design updates for User settings in Acunetix Online
• Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
• For users in a User Group, target group assignment is properly applied under all scenarios
• Fixed a user permission issue when using custom roles
• Invite emails from Acunetix On-Premises for Linux are properly displaying content now
• Fixed the OOM (out of memory) problem when processing large PDF files

New features

• Smart API Scanning capabilities for Swagger 2
• Smart API Scanning capabilities for OpenAPI 3

New security checks

• Jira Seraph Authentication Bypass (CVE-2022-0540)
• Jira QueryComponent Information Disclosure (CVE-2020-14179)
• TeamCity Authentication Bypass (CVE-2024-27198)
• Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)
• Cacti Unauthenticated Command Injection (CVE-2022-46169)

Improvements

• Improved Crawling of websites using IFrames
• .NET IAST sensor will report SQL Injection issues introduced through the usage of MSSQL Entity Framework Sql_Query
• Improved detection of DOM XSS in Referrer Header
• Improved detection of DOM XSS in document.cookie

Fixes

• Fixed a situation when a new target couldn’t be created via API
• Fixed: Missing HTTP response for vulnerabilities reported by internal scanning agent
• Fixed: Missing Attack Details for Unsupported SSL Secure Renegotiation vulnerability

New features

• Added the ability to use Aria Roles to provide better coverage
• Introduced PCI DSS 4.0 report. Note that PCI DSS 3.2 will reach the end of its support or relevance by the end of March
• .NET IAST now supports .NET 8 (currently in Open Beta)

New security checks

• XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024)
• Magento 2.0-2.3 End of life
• ColdFusion Access Control bypass (CVE-2023-29298 / CVE-2023-38205)
• ColdFusion XSS (CVE-2023-44352)
• Skype for Business SSRF (CVE-2023-41763)
• VMware Aria Operations for Networks RCE (CVE-2023-20887)
• IBM Aspera Faspex RCE (CVE-2022-47986)
• GeoServer SSRF (CVE-2021-40822)
• WSO2 Management Console XSS (CVE-2022-29548)
• SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893)
• LISTSERV XSS (CVE-2022-39195)
• Unrestricted access to MLflow
• KeyCloak Information Disclosure (CVE-2020-27838)
• CloudPanel file-manager Auth bypass (CVE-2023-35885)
• TestRail Information Disclosure (CVE-2021-40875)
• Grafana Snapshot Authentication Bypass (CVE-2021-39226)
• Harbor Unauthorized Access Vulnerability
• Ghost CMS Theme Path Traversal (CVE-2023-32235)
• cPanel XSS (CVE-2023-29489)
• GoAnywhere MFT Authentication Bypass (CVE-2024-0204)
• Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core API Auth bypass (CVE-2023-35082)
• Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)
• Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)
• RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)
• GeoServer WMS SSRF (CVE-2023-43795)
• Ivanti Sentry Authentication Bypass (CVE-2023-38035)
• SAP SAP BusinessObjects Business Intelligence Platform XXE (CVE-2022-28213)
• SysAid On-Premise RCE (CVE-2023-47246)
• Multiple ColdFusion WDDX Deserialization RCEs (CVE-2023-44353 / CVE-2023-38203 / CVE-2023-38204)

Improvements

• Updated Chromium to 121.0.6167.139/140
• Improved detection of DOM-based Cross Site Scripting (XSS)
• Improved the way that “Content Security Policy Misconfiguration” alerts are reported
• Improved detection of Client Side Prototype Pollution (CSPP)
• IAST scans will start reporting the IAST sensor version used for the scan
• New column “Result” is shown in the list of scans to provide more details about scan outcome
• Enhanced support for OTP apps by displaying the activation code next to the QR code
• Improved crawling of Single Page Applications (SPA) that are using Ionic Framework
• Added the ability to scan web applications which require browsing in a single browser tab
• Upgraded user experience of in-app notifications – Updated UX of notifications dropdown
• When accessing the application from a different location or browser, all other sessions are promptly terminated. Previously, users were notified, causing inconvenience when working from various locations

Fixes

• Fixed a bug caused by the engine not respecting Cache-Control directive
• In rare situations, a report being generated could have resulted in an Internal server error. This issue has now been fixed
• Fixed several minor user experience issues across the application
• Removed deprecated X-Frame Options check

New features

• The Java IAST sensor has been updated to support Java 17 and removes the requirement for AspectJWeaver
• Changes to the mechanism that manages services for Acunetix On-Premises for Docker and Linux (Customers using Acunetix On-Premises for Docker or Linux need to manually update to version 24.1)

New security checks

• Improved Elmah security check to check for variants of Elmah
• OpenCms Chemistry Solr XML External Entity (XXE) (CVE-2023-42346)
• OwnCloud phpinfo Information Disclosure (CVE-2023-49103)
• TorchServe Management API SSRF (CVE-2023-43654)
• Updated vulnerabilities for WordPress Core and WordPress plugins
• Ofbiz PreAuth RCE (CVE-2023-49070)
• F5 BIG-IP Request Smuggling (CVE-2023-46747)
• Sitecore XP TemplateParser RCE (CVE-2023-35813)
• Added a check for SSRF/LFI via PDF generation
• Added a check for file inclusion/path traversal when the response is shown inside a PDF

Improvements

• Updated .NET (core) IAST sensor to hook new functions
• The scanner will now properly report when the protocol (http/https) is changed at the start of the scan
• Increased the size limit to 10kB for supported Client Certificates for authenticated scans
• Updated to Chromium 119.0.6045.199/200
• Users can opt-in to receive a direct download link instead of a PDF report attachment (On-Prem only)
• Improved crawling of Single Page Applications (SPA) that are using React
• Improved crawling of Single Page Applications (SPA) that are using the Angular Framework
• Improved crawling of Single Page Applications (SPA) that are using the Vue.js Framework
• New User Profile design
• A refreshed UI with a new navigational experience

Fixes

• Fixed an issue that was causing some vulnerabilities not to be exported to Amazon AWS WAF
• Fixed a Deepscan and LSR issue caused when a page overrides the standard window.* methods
• Notifications about scans that require manual intervention are now correctly displayed wherever the user is located (On-Prem only)
• Fixed a number of scanner crashes

Improvements

• Improvements to our Elmah security check
• Improvements for Server Side Template Injection vulnerabilities (SSTI)
• Additional logs for SSO

Fixes

• Fixed a crash on Postman import
• Client Certificate for target import fix