Feb 07, 2023 7.4.049

Improved

  • Server Configuration Module. We reduced false negatives in the Server Configuration module.
  • OOB Log4Shell JNDI Injection. We enhanced Out of Band Log4Shell JNDI Injection to attack user-agent headers.
  • Updated severity. We updated the severity of Credentials stored in clear text in a cookie. Usernames found now raise a low severity. Passwords found now raise a high severity.
  • Deprecated SQL injection attacks. We have turned off deprecated DBI18 and DBI19 SQL injection attacks by default.
  • Search fields. We improved the way the engine interacts with search fields to reduce false positives returned.
  • BlindSQL injection attack module. Content length is no longer treated as proof in the BlindSQL injection attack module.
  • Selenium ChromeDriver. We upgraded Selenium ChromeDriver to 109.0.5414.74.

Fixed

  • We fixed issues with the branding tool.
  • The correct error message now displays when a macro fails.
  • We fixed an issue where an empty string was used for a SQL Injection attack.
  • The findings summary graph now shows the correct severities with validation scans.
  • We fixed an issue where bootstrap authentication failed via REST API.