v25.1.2 - 17 Feb 2025
Copy Link
Copy Link
Release 25.1.2 for Acunetix is for SQL Server Vulnerabilities improvements.
Improvements
- Moved a number of SQL Server Vulnerabilities to Technologies
v25.1.1 - 07 Feb 2025
Copy Link
Copy Link
New security checks Added a new check for SSRF Cloud Metadata Added a new check for Out-of-Band SSTIs Improvements Improved Information Disclosures for phpinfo Improved Username Disclosure for MS SQL Improved Database Name Disclosures Improved detection of exposed git repositories Improved coverage of checks in...
New security checks
- Added a new check for SSRF Cloud Metadata
- Added a new check for Out-of-Band SSTIs
Improvements
- Improved Information Disclosures for phpinfo
- Improved Username Disclosure for MS SQL
- Improved Database Name Disclosures
- Improved detection of exposed git repositories
- Improved coverage of checks in Directory tests
- Updated VDB to 20250204
- Improved detection of Programming Error Messages
Resolved issues
- Fixed a false positive causing EspoCRM tech to be reported unexpectedly
v25.1.0 - 04 Feb 2025
Copy Link
Copy Link
New security checks Added a check for Craft CMS Development Mode enabled Added a check for Craft CMS register_argc_argv RCE (CVE-2024-56145) Added a check for Apple’s App-Site Association (AASA) file Added new checks for API9:2023 Improper Inventory Management Added new checks for API10:2023 Unsafe Consumption...
New security checks
- Added a check for Craft CMS Development Mode enabled
- Added a check for Craft CMS register_argc_argv RCE (CVE-2024-56145)
- Added a check for Apple’s App-Site Association (AASA) file
- Added new checks for API9:2023 Improper Inventory Management
- Added new checks for API10:2023 Unsafe Consumption of APIs
- Added new checks for API2:2023 Broken Authentication
New features
- Added support for scanning web applications using Smart Card Authentication. Learn more.
Improvements
- Improved detection of Microsoft SQL Server as a technology
- Improved detection of XSS
- Updated the severity of some vulnerabilities to better reflect their impact
- Improved detection of weak passwords
- Improved detection of Blind XSS
- Improved detection of SQL Injection
- Updated scanner to never downgrade from HTTPs to HTTP
Resolved issues
- Improvement to launching Chromium on Windows 10 build 14393
v24.12.1 - 03 Jan 2025
Copy Link
Copy Link
New Security Checks Added Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164) Added Cleo LexiCo, VLTransfer, and Harmony (CVE-2024-50623/CVE-2024-55956) Improvements Updates to technologies and fingerprints
New Security Checks
- Added Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)
- Added Cleo LexiCo, VLTransfer, and Harmony (CVE-2024-50623/CVE-2024-55956)
Improvements
- Updates to technologies and fingerprints
v24.12.0 - 16 Dec 2024
Copy Link
Copy Link
New Security Checks Added Palo Alto PAN-OS RCE (CVE-2024-0012/CVE-2024-9474) Added Sitecore AFR (CVE-2024-46938) Added a security check for CVE-2024-51567 / CVE-2024-51568 / CVE-2024-51378 Added a fix for Acunetix’s incorrect detection of Drupal versions, where the script read the version correctly but compared it improperly Improvements...
New Security Checks
- Added Palo Alto PAN-OS RCE (CVE-2024-0012/CVE-2024-9474)
- Added Sitecore AFR (CVE-2024-46938)
- Added a security check for CVE-2024-51567 / CVE-2024-51568 / CVE-2024-51378
- Added a fix for Acunetix’s incorrect detection of Drupal versions, where the script read the version correctly but compared it improperly
Improvements
- The engine now uses Chromium 131 for scanning
- The engine now leverages headers from all import files, incl. Postman collections
- The engine now supports using host and path from Postman collections
- Users can see clearly if OTP is not configured inside the Login Sequence Recorder
Fixes
-
Fixed an issue where, in rare cases, the LSR failed to correctly add session data
-
Fixed an issue where GraphQL imports could fail in certain edge cases
v24.11.0 - 28 Nov 2024
Copy Link
Copy Link
Release 24.11.0 is for Acunetix Online only and contains a new feature for API Discovery.
This release is for Acunetix Online only.
New Features
- API Discovery now supports retrieving Open API/Swagger specs from Kong Konnect → Learn more
v24.10.241106172 - 07 Nov 2024
Copy Link
Copy Link
Release build 24.10.241106172 includes new features, improvements, fixes, and a change to the API documentation.
New Features
- API Discovery now supports retrieving OpenAPI/Swagger specs from Azure API Management → Learn more
- Added support for automated use of OTP in scans, enabling seamless scanning of 2FA-enabled web applications → Learn more
- API Discovery now supports working with RAML specs from Mulesoft Anypoint Exchange
Improvements
- Added the latest checks for outdated technology versions
- Optimised various Directory tests to make less HTTP requests
- DeepScan update which improves scan coverage and consistency
- Minor UI improvements across the app
- Removed redundant configuration option in API Discovery integration with Amazon API Gateway
Fixes
- Fixed a single occurrence edge case when a scan was crashing
- Fixed incorrectly reporting Application Build in RuntimeSCA reports
API Changes
- Corrected the baseURL for EU customers in our API documentation
v24.9.241025109 - 29 Oct 2024
Copy Link
Copy Link
Release build 24.9.241025109 includes a fix for the scanner.
Fixes
- Fixed a problem with the scanner that was causing it to crash in some instances
v24.9.241015145 - 17 Oct 2024
Copy Link
Copy Link
Release build 24.9.241015145 includes a new security check and product improvements.
New Security Checks
- Added check for CVE-2024-6842
Improvements
- Upgraded to OpenSSL
- Updates to technologies and fingerprints