Invicti Enterprise On-Demand 08 Oct 2024 v24.10.0
This update includes changes to the internal agents. The internal scan agent’s current version is 24.10.0. The internal authentication verifier agent’s current version is 24.10.0.
New Features
- API Security: Added integration with Azure API Management to fetch Swagger2 and OpenAPI3 specification files
New Security Checks
- Updated detection for ActiveMQ – Remote Code Execution (CVE-2023-46604) and TorchServe Management API SSRF (CVE-2023-43654)
Improvements
- Database optimizations
- Changed scanning without a duration limit to a customer support request-only option
- Reporting improvements for the “Unknown Option Used In Referrer-Policy” vulnerability
- Improved the behavior of the ‘Recent Scans’ button group on the global dashboard when using the mobile view
Fixes
- Fixed a timeout bug in zero-configuration API discovery
- Fixed some wording inconsistencies and made other minor improvements to the user interface
- Removal of sitemap data when a scan is canceled, failed, or aborted
- Resolved an issue in the General Settings page configuration
- Resolved an issue with user sessions not timing out in compliance with the specified configuration
- Fixed a false positive issue with Boolean Based MongoDB Injection detection
- Out-of-date version for Boolean Based MongoDB Injection is now reported correctly
- Fixed missing API validation for Scan Profile updates, which caused data conflicts during website deletion