v23.11.231123131 - 23 Nov 2023
Release build 23.11.231123131 includes a fresh color scheme, new features and enhancements to the UI, as well as new security checks, improvements, and bug fixes.
New features
- Every user can now choose which email notifications they receive by setting their individual preferences located in their User Profile
- For Acunetix On-Premises customers, email server settings have been moved under the Settings menu
- You can now open Acunetix in multiple tabs without needing to log in again in each new tab
- We’ve added CVSS 4.0 scores to some vulnerabilities. You’ll find the CVSS 4.0 score and vector displayed next to the old score (3.1/3.0/2.0, whichever is highest) in the UI and API
- For Acunetix On-Demand customers, user management is now available under Settings > Users & Access. Here you’ll find the user list with some new filter options and a new way to create user accounts by generating an invitation link (the user specifies their own password instead of the administrator).
New security checks
- Added default JWT keys for Apache Superset: CVE-2023-27524
- Cisco IOS XE Web UI Authentication Bypass: CVE-2023-20198
- Cisco IOS XE implant detection: CVE-2023-20198
- Citrix NetScaler Information Disclosure – ‘Citrix Bleed’: CVE-2023-4966
- Confluence Data Center and Server Broken Access Control: CVE-2023-22515
- Craft CMS RCE: CVE-2023-41892
- ZK Framework AuUploader Information Disclosure: CVE-2022-36537
- ActiveMQ OpenWire RCE: CVE-2023-46604
- Juniper Junos OS J-Web RCE: CVE-2023-36845
- Openfire Path Traversal: CVE-2023-32315
- WS_FTP AHT Deserialization RCE: CVE-2023-40044
- Sangfor NGAF Authentication Bypass
- SharePoint Authentication Bypass: CVE-2023-29357
- TeamCity Authentication Bypass: CVE-2023-42793
- Updated detection of exposed installers (Openfire and Chamilo)
Improvements
- Email notifications now have the option to include a direct link for downloading PDF reports. Previously it was necessary to log in to Acunetix to download PDF reports.
- Updated the Chromium Build to 119.0.6045.123/.124
- Enhanced IAST .NET sensor detection capabilities
- Improved location detection when using LSR
- Improved scanner stability for select environments
- Improvements to handling OpenAPI specifications
- Multiple improvements to the SQL Injection vulnerability checks
Fixes
- Fixed an issue that was causing Amazon WAF exports to fail
- PDF reports now display information that was previously being cut off