Acunetix Premium - v23.8.230905089

New features

  • Added critical severity as a new vulnerability level (for more information, check out our blog)

New security checks

  • Added security check for appwrite SSRF: CVE-2023-27159
  • Added security check for Metabase RCE: CVE-2023-38646
  • Updated WAF detection
  • Added security check for Ivanti EPMM Unauthenticated API Access: CVE-2023-35078
  • Added security check for MinIO Information Disclosure: CVE-2023-28432
  • Added security check for KeyCloak XSS: CVE-2021-20323
  • Added security check for Strapi Cognito provider Auth Bypass: CVE-2023-22893
  • Added security check for ServiceNow XSS: CVE-2022-38463
  • Added security check for SAP NetWeaver KW XSS: CVE-2021-42063
  • Added security check for XProber Information Disclosure
  • Added security check for SAP NetWeaver DI SSRF: CVE-2021-33690
  • Added security check for open Consul API detection
  • Updates to vulnerable WordPress plugins


  • Upgraded to OpenSSL 3.1.2 (On-Premises only)
  • Improved LSR restrictions
  • Improved scanning so that repeated links with the same content are not detected
  • Improved scanning of recursive relative links
  • Crawling improvements by excluding repeated inexistent paths
  • When an issue is pushed to the issue tracker, the vulnerability detail shows the issue’s  URL for easier navigation
  • Updated the Software Composition Analysis (SCA) database
  • IAST – moved the .NET folder from ProgramData\Acunetix to ProgramData\Invicti folder. The Injector.exe (IAST .NET framework automatic installation tool) will force upgrade if an older version of IAST .NET Sensor is installed.


  • Fixed a bug that was preventing starting a scan from Target Groups
  • Fixed a bug that was preventing System Admins from adding targets to Target Groups