Acunetix Premium - v24.6.0

New Features

  • Security checks can now be auto-updated without requiring a full product update

New Security Checks

  • SolarWinds Serv-U directory traversal (CVE-2024-28995)
  • Ivanti EPM SQL Injection / RCE (CVE-2024-29824)
  • Rejetto HTTP File Server SSTI / RCE (CVE-2024-23692)
  • PHP CGI Argument Injection (CVE-2024-4577)
  • Telerik Report Server - Authentication Bypass (CVE-2024-4358)
  • Added a new security check to identify supply chain attacks through Polyfill JS

Improvements

  • Added a notification in the UI to inform users when their account does not have any permissions set up yet (Acunetix Premium+)
  • Updated the Scan Details page user experience with RuntimeSCA reporting (available to Early Access customers)
  • Improved detection of DOM XSS vulnerabilities
  • .NET Core IAST sensor - added hooking for System.Xml functions
  • Improved detection of Open Redirect vulnerabilities
  • Improved descriptions for verified vulnerabilities
  • Added a notification to the activity log when the engine is unable to communicate with the SCA service

Fixes

  • Fixed the issue that was causing the BLR to fail on Sequential/Slow scans
  • Fixed the issue that was causing duplicates in the sitemap
  • Logon banner messages (when configured) now display properly on the login page (Acunetix On-Premises)