New Features
Predictive Risk Scoring – prioritize your web asset discovery results according to their potential risk before you scan them. Learn more in our Introduction to Predictive Risk Scoring and guide to Utilizing Predictive Risk Scoring
Enabled Korean language support
A new API Token encryption method for Agents/Verifier Agents
Added a pre-request script to generate AWS Signature tokens to perform authentication
CVSS 4.0 scores are now available via API
Added the ability to include/exclude main-level domains in the Discovery settings
New Security Checks
Added detection method for Angular
Added a new security check for Oracle EBS RCE
Added a new security check for TLS/SSL certificate key size too small issue
Improved WP Config detection over backup files
Added a new security check for authentication bypass and command injection in Ivanti ICS and Ivanti Policy Secure (CVE-2023-46805 and CVE-2024-21887)
Added detection for exposed WordPress configuration files
Added a new security check that reports two vulnerabilities: TorchServe Management API Publicly Exposed and TorchServe Management API SSRF (CVE-2023-43654)
Command Injection in VMware Aria Operations for Networks can now be detected
Added a new signature for Stack Trace Disclosures (ASP.NET)
Added a new security check for Client-Side Prototype Pollution
Improvements
Improved AWS Secret Key ID detection security checks
Improved Google Cloud API Key detection security checks
Updated remediation information for AngularJS-related vulnerabilities
Improved Boolean-based MongoDB Injection detection method
Updated all IAST sensors to support Java 17 and 21
Added highlighting and verification of response status codes to the BREACH engine
Updated the notes section of the [Possible] Cross-Site Scripting issue detail to cover MIME sniffing
Increased the default severity level of Version Disclosure (Varnish) from 'Information' to 'Low'
Improved WordPress Config detection over backup files
The Agent type (Arm or Intel) information is now displayed on the Scan Summary page
Permissions on the General Settings screen are now grouped by category instead of being shown as a single uncategorized list
Added an option to enable or disable the JavaScript Parser, facilitating JavaScript parameter discovery within the JavaScript code
The Jenkins plugin now routes requests through the proxy
The Team Administrator role checkbox is now in a separate Limiting Permissions Role section of the UI
Fixes
Adjusted the settings for SSL certificate errors to resolve a scan failure 'target link timeout error'
Fixed a bug in the automatic sign out functionality when the session timeout period has expired
Resolved an issue with downloading HTTP request logs
Fixed a validation error when validating AcuSensor settings
Fixed an issue with duplicate custom user agents that was preventing scanning
Fixed an issue where authentication would fail when started with an Authentication profile
Fixed an issue that caused proxy usage for Chromium even when no proxy was selected from the scan policy settings
Fixed a scan authentication issue and a crawling issue with Cloud Agents
Fixed the HTTP 401 forbidden response form authentication error
Fixed an issue with the detection method for wp-admin vulnerabilities
Fixed an error that was occurring when generating knowledge base reports
Fixed a scan issue that was producing 413 error responses
Fixed a bug in the API Access settings
Resolved an issue with custom severity levels that were reverting to their previous level
Fixed a bug in the API update command for scan profiles
Removed limits on AWS Discovery port filters
Technologies identified during failed scans are no longer displayed
Fixed a bug in the scan retention period settings that was causing inaccurate information in the Recent Scans list
The Last Login Date is now aligned between the UI and the API
Fixed the issue where scan profiles could not be created through automation tools, Postman, or through the Acunetix 360 API Documentation page
Fixed the issue with scans that were stuck in ‘Delayed’ or ‘Archiving’ status
Fixed an issue that was occurring with the Jira Integration when the Jira URL was set as Localhost
Fixed an issue that was occurring when websites were added with both http and https protocols
The scan report PDF file name now includes the time and date when it is delivered via the scan completed notification
Fixed the 504 error that was appearing when running the Scans_NewWithProfile endpoint
Fixed a bug that was preventing retest scans from launching
Resolved an issue with cookie use on subdomains that was causing scan authentication and crawling problems
Fixed an issue that was causing a memory issue in the JavaScript Parser
Fixed an issue with the custom script editor that was stopping it from loading the form authentication fields
Disabled BREACH attack from the default security checks policy
Fixed the issue where users were unable to load the Scan Report
Fixed the issue where internal scans were not failing if their Agents were terminated
Fixed the Azure Boards integration, which was reported to have been suspended by itself
Fixed query optimization on the main Scans page, resulting in improved response time and query quality
The page number in the Custom Script Editor is now correctly displayed
When the personal access token has expired, the Azure Boards Integration is now disabled
Fixed concurrency exceptions occurring for the scan and website tables due to excessive update requests sent within a short timeframe
The issues counter on the Dashboard now displays the correct number of issues
Fixed an issue when Team Administrator and Account Owner roles are assigned to the same user