Invicti Enterprise On-Demand 30 Jan 2024 v24.1.1

This update includes changes to the internal agents. The internal scan agent’s current version is 24.1.1. The internal authentication verifier agent’s current version is 24.1.1.

New features

  • Added the option to remove Request/Response details from the detailed template to avoid the character limit error when sending vulnerabilities
  • Added the option for customers to display their company name on the PCI report (new scan settings field under General settings)
  • Enabled the ability to re-scan a previously scanned target which allows the application of previous exclusions on the scan and helps avoid false positives on the PCI ASV scan
  • Added the option to enable enhanced logging of failed logins
  • Added functionality to the UI for users to obtain logs from failed scans (previously only system administrators were able to do that)

New security checks

  • Added a check for dotCMS
  • Added a check for the Ultimate Member WordPress plugin
  • Added a new mXSS pattern
  • Added new signatures to detect JWKs

Improvements

  • Improved the recommendations for the Weak Ciphers Enabled vulnerability
  • Improved detection of swagger.json vulnerabilities

Fixes

  • Fixed a bug in the cloning report policies functionality
  • Fixed an error that was occurring with the API endpoint: list-scheduled
  • Fixed a bug with the Jira integration
  • Fixed a bug with custom scheduled scans that were not updating the Next Execution Time field correctly
  • Fixed an issue with the HashiCorp Vault integration token validation path
  • Fixed the missing ‘Known Issues’ tab from scan summary issue details
  • Fixed an issue with the severity trend chart on the Dashboard
  • Fixed a problem with importing WDSL files