Invicti Enterprise On-Demand 13 Aug 2024 v24.8.0

This update includes changes to the internal agents. The internal scan agent’s current version is 24.8.0. The internal authentication verifier agent’s current version is 24.8.0.

New Security Checks

  • Added a check for Authentication bypass in Fortra’s GoAnywhere MFT (CVE-2024-0204)
  • Added a check for Open SSH server RCE (CVE-2024-6387)
  • Added a check for cached pages that contain sensitive data (CWE-525)
  • Incorporated the reporting of sensitive information disclosures from Okta

Improvements

  • Added more links from the global dashboard widgets to the corresponding sections in the UI
  • Scheduled scans that repeatedly fail with the same result can now be automatically disabled
  • Unlinked API specs from the scan profile automatically unlink on the API Inventory page as well
  • Added the ability to navigate from the API operation vulnerability count in the API Inventory to a filtered list of vulnerabilities on the Issues page
  • Reverted the fix for a problem in the JWT Engine that was intended to resolve a false positive issue

Fixes

  • Fixed an issue that was causing intermittent errors in PCI reports
  • Fixed the ‘Bad Request’ error that was occurring in the vulnerability details of scan reports
  • Fixed an issue where the character ‘ñ’ was causing errors when updating or adding new users
  • Fixed the issue that was preventing deletion of unused scan policies
  • Fixed the issue where additional website vulnerabilities were being stored as target vulnerabilities
  • Fixed the missing tooltips for source errors on the API Sources page
  • Fixed the issue where the linked target URL was clickable even when the API specification was hidden