Invicti Enterprise On-Demand 20 Feb 2024 v24.2.0.43676

This update includes changes to the internal agents. The internal scan agent’s current version is 24.2.0. The internal authentication verifier agent’s current version is 24.2.0.

New security checks

  • Implemented a detection and reporting mechanism for the Backup Migration WordPress plugin (CVE-2023-6553)
  • Added detection for TinyMCE

Improvements

  • Updated the “Insecure Transportation Security Protocol Supported (TLS 1.0)” vulnerability to High Severity
  • Implemented support for scanning sites with location permission pop-ups
  • Implemented support for FreshService API V2
  • Revised the labeling of the active vulnerabilities information on the Scan Summary page to provide greater clarity
  • Removed obsolete X-Frame-Options Header security checks

Fixes

  • Fixed a bug in the Request/Response tab of Version Disclosure vulnerabilities
  • Corrected an issue in the technical reports where vulnerabilities identified in Korean are now reported in English
  • Changed the ID parameter from ‘optional’ to ‘required’ within the Scan Policy Update API
  • Removed the target URL from the scope control list
  • Resolved a bug in the filtering of vulnerabilities on the Issues page
  • Fixed a bug in the marking of issues as a false positive
  • Resolved an issue where the agent would become unavailable after receiving a 401 error
  • Fixed the issue with uploading a Swagger file into a scan profile