Acunetix 360 On-Demand - v23.11.0.42665

This update includes changes to the internal agents. The internal scan agent’s current version is 23.11.0. The internal authentication verifier agent’s current version is 23.11.0.

New features

  • Added the ability to pull a PCI Report from the CloneSystem itself by using API endpoints
  • Added the option for customers to define a namespace for their HashiCorp integration
  • Enhanced reporting capabilities with more attributes available in .csv exports and the option to do a .csv export in more places in the UI
  • Added an option under New Scan Policy > Ignored Parameters to allow customers to set 'Cookie' as a type of ignored parameter

New security checks

  • Added new checks for the WordPress Login with Phone Number Plugin: CVE-2023-23492
  • Added new checks for the WordPress JupiterX Core Plugin: CVE-2023-38389, CVE-2023-38388

Improvements

  • Added support for custom authentication tokens without token type
  • Improved LFI attack patterns for better accuracy
  • Fixed some vulnerabilities in the Docker image
  • Stricter sensitive data rules
  • Improved bot detection bypass scenarios

Fixes

  • Fixed a sensitive data issue when uploading a pre-request script
  • Fixed a bug that was preventing scheduling group scans using API
  • Fixed custom header values in scan profiles so that they are masked
  • Docker Cloud Stack check has been updated to reduce noise
  • SSL/TLS classification updated from CWE-311 to CWE-319