Acunetix Standard & Premium

New features

• The Java IAST sensor now supports Java 21

New security checks

• Added checks for jslib Lodash (CVE-2020-8203, CVE-2021-23337, CVE-2020-28500, CVE-2019-10744, CVE-2019-1010266, CVE-2018-16487)

Fixes

• Fixed a bug in the processing of technologies

Fixes

• Fixed a bug in the SSO workflow

New features

• Every user can now choose which email notifications they receive by setting their individual preferences located in their User Profile
• For Acunetix On-Premises customers, email server settings have been moved under the Settings menu
• You can now open Acunetix on multiple tabs without needing to log in with every new tab you open
• We’ve added CVSS 4.0 scores to some vulnerabilities — You’ll find the CVSS 4.0 score and vector displayed next to the old score (3.1/3.0/2.0, whichever is highest) in the UI and API
• For Acunetix On-Demand customers, user management is now available under Settings > Users & Access. Here you’ll find the user list with some new filter options and a new way to create user accounts by generating an invitation link (the user specifies their own password instead of the administrator).

New security checks

• Added default JWT keys for Apache Superset: CVE-2023-27524
• Cisco IOS XE Web UI Authentication Bypass: CVE-2023-20198
• Cisco IOS XE implant detection: CVE-2023-20198
• Citrix NetScaler Information Disclosure – ‘Citrix Bleed’: CVE-2023-4966
• Confluence Data Center and Server Broken Access Control: CVE-2023-22515
• Craft CMS RCE: CVE-2023-41892
• ZK Framework AuUploader Information Disclosure: CVE-2022-36537
• ActiveMQ OpenWire RCE: CVE-2023-46604
• Juniper Junos OS J-Web RCE: CVE-2023–36845
• Openfire Path Traversal: CVE-2023-32315
• WS_FTP AHT Deserialization RCE: CVE-2023-40044
• Sangfor NGAF Authentication Bypass
• SharePoint Authentication Bypass: CVE-2023–29357
• TeamCity Authentication Bypass:CVE-2023-42793
• Updated detection of exposed installers (Openfire and Chamilo)

Improvements

• Email notifications now have the option to include a direct link for downloading PDF reports. Previously it was necessary to log in to Acunetix to download PDF reports.
• Updated the Chromium Build to 119.0.6045.123/.124
• Enhanced IAST .NET sensor detection capabilities
• Improved location detection when using LSR
• Improved scanner stability for select environments
• Improvements to handling OpenAPI specifications
• Multiple improvements to the SQL Injection vulnerability checks

Fixes

• Fixed an issue that was causing Amazon WAF exports to fail
• PDF reports now display information that was previously being cut off

Fixes

• Fix for XML Export

Improvements

• Multiple improvements to the SSL Engine

New features

• Added critical severity as a new vulnerability classification and reclassified select high vulnerabilities to critical severity – more information on the Acunetix blog
• Added the ability to specify proxy settings for the Internal Scanning Agent

New security checks

• Acunetix now detects the following SSL vulnerabilities:
• Certificate signed using a weak signature algorithm
• Revoked SSL certificate
• Anonymous ciphers supported
• SSL untrusted root certificate
• Confirm validity of Certificate Authority (CA) signature

Improvements

• Updated the user agent string to Chromium 117
• Updated Chromium to 117.0.5938.63
• Fixed misbehaving scrolling behavior in the LSR recorder screen
• Improved detection of DOM-based XSS vulnerabilities
• Moved license subscription details from the Profile section to Settings > Subscription
• Improvements to DeepScan coverage
• Improvements to the UI during scan configuration
• Set client certificate import default format to PFX

Fixes

• Engine/Open SSL: Fixed scanning sites that require connection with enabled legacy unsafe renegotiation
• Minor UI navigation fixes
• Fixed occasional crash on importing Postman files
• Fixed false positive “ASP.NET expired session IDs are not regenerated“ when <sessionState> section of web.config is encrypted