Mar 31, 2021 - 6.6.75

New

Customer Requested
  • New vulnerability coverage: We added checks for the following vulnerabilities affecting the desktop and mobile editions of the Cisco Jabber software:
    • CVE-2021-1411
    • CVE-2021-1417
    • CVE-2021-1418
    • CVE-2021-1471
    • CVE-2021-1469

Improved

Customer Requested
  • Updated Telerik UI for ASP.NET AJAX vulnerability content: We broadened the scope of our remote check for CVE-2019-18935 (Telerik UI for ASP.NET AJAX: Deserialization of Untrusted Data) to accommodate third-party products that may have embedded or used the libraries affected by this vulnerability.
  • Updated Windows Policy: We updated our Defense Information Systems Agency (DISA) Microsoft Windows 2008 R2 Domain Controller benchmark to version 1, release 33.

Fixed

  • GET requests to the /api/3/scan_templates/{id} APIv3 endpoint will no longer fail if the scan template was originally saved without a value in the Fingerprint retries field.
  • Asset detail pages will now display all MAC addresses that are returned for an asset after an authenticated discovery scan instead of just the first MAC address detected.
  • The Export to CSV link for asset tables within Tag Asset Search views will now produce a CSV export of the table's contents as expected.
  • The Security Console's support package generation process will now gracefully handle and exclude any corrupted files that it encounters. This change ensures that support packages will generate successfully even if file corruption is present.
  • We fixed an issue that allowed idle Dynamic Discovery connections to exhaust the Security Console database. Large numbers of these connections could have eventually caused the Security Console to become unresponsive.
  • We fixed an issue where a limit on assessed users and user groups could lead to incomplete results for policy assessments. This limitation has been removed and assessments will now occur for all users and user groups.
  • We fixed an issue where the Scan Engine failed to identify software running on Unix systems with non-English locales.
  • We removed the EICAR test file from the Metasploit Remote Check Service component of the Scan Engine to prevent it from triggering antivirus solutions.
  • We updated our Google Chrome fingerprinting to avoid reporting incorrect version information when Chrome is provided by Citrix.
  • When using the global search field in the Security Console, the Asset Results table will no longer sort results case-sensitively. In addition, the Address column in this table will now sort by IP address order instead of by raw text.
    • Note: This change has since been reverted. See the release notes for product version 6.6.76 for details.