Acunetix Premium - v23.8.230905089

New features

  • Added critical severity as a new vulnerability level (for more information, check out our blog)

New security checks

  • Added security check for Appwrite SSRF: CVE-2023-27159
  • Added security check for Metabase RCE: CVE-2023-38646
  • Updated WAF detection
  • Added security check for Ivanti EPMM Unauthenticated API Access: CVE-2023-35078
  • Added security check for MinIO Information Disclosure: CVE-2023-28432
  • Added security check for Keycloak XSS: CVE-2021-20323
  • Added security check for Strapi Cognito provider Auth Bypass: CVE-2023-22893
  • Added security check for ServiceNow XSS: CVE-2022-38463
  • Added security check for SAP NetWeaver KW XSS: CVE-2021-42063
  • Added security check for XProber Information Disclosure
  • Added security check for SAP NetWeaver DI SSRF: CVE-2021-33690
  • Added security check for open Consul API detection
  • Updates to vulnerable WordPress plugins

Improvements

  • Upgraded to OpenSSL 3.1.2 (On-Premises only)
  • Improved LSR restrictions
  • Improved scanning so that repeated links with the same content are not detected
  • Improved scanning of recursive relative links
  • Improved crawling by excluding repeated nonexistent paths
  • When an issue is pushed to the issue tracker, the vulnerability detail shows the issue’s URL for easier navigation
  • Updated the Software Composition Analysis (SCA) database
  • IAST – moved the .NET folder from ProgramData\Acunetix to the ProgramData\Invicti folder. Injector.exe (the IAST .NET framework automatic installation tool) will force an upgrade if an older version of the IAST .NET Sensor is installed.

Fixes

  • Fixed a bug that prevented scans from being started from Target Groups
  • Fixed a bug that was preventing System Admins from adding targets to Target Groups