Acunetix Premium - v24.6.240626115

New Features

  • Security checks can now be auto-updated without requiring a full product update

New Security Checks

  • SolarWinds Serv-U directory transversal (CVE-2024-28995)
  • Ivanti EPM SQL Injection / RCE (CVE-2024-29824)
  • Rejetto HTTP File Server SSTI / RCE (CVE-2024-23692)
  • PHP CGI Argument Injection (CVE-2024-4577)
  • Telerik Report Server - Authentication Bypass (CVE-2024-4358)
  • Added a new security check to identify supply chain attacks through Polyfill JS.

Improvements

  • Added a notification in the UI to inform users when their account does not have any permissions set up yet (Acunetix Premium+)
  • Updated the Scan Details page user experience with RuntimeSCA reporting (available to Early Access customers)
  • Improved detection of DOM XSS vulnerabilities
  • .NET Core IAST sensor - added hooking for System.Xml functions
  • Improved detection of Open Redirect vulnerabilities
  • Improved descriptions for verified vulnerabilities
  • Added a notification to the activity log when the engine is unable to communicate with the SCA service

Fixes

  • Fixed the issue that was causing the BLR to fail on Sequential/Slow scans
  • Fixed the issue that was causing duplicates in the sitemap
  • Logon banner messages (when configured) now display properly on the login page (Acunetix On-Premises)