New
- Added TLS support. We now support scanning for TLS 1.3 services.
- Added Log4j check. We added an obsolete vulnerability check for Log4j 1.x.
- New Metasploit-based vulnerability coverage. We released coverage for three CVEs through the Metasploit Remote Check Service. This service needs to be explicitly enabled on Scan Engines via the Security Console as described in our docs. Coverage includes remote checks for:
- CVE-2019-9082 (ThinkPHP)
- CVE-2020-25213 (wp-file-manager)
- CVE-2020-8816 (AdminLTE)
Improved
Customer Requested
- Improved process name collection. Authenticated scans of assets that have multiple open network ports are working more efficiently now that the listening process names collection has been improved.
Fixed
- The Asset page now displays changes made to the Google Cloud Platform ID.
- Vulnerability investigations no longer fail when included in an asset group in a site.
- Credential restrictions are now honored in site configuration.
- Agent-based scans now remove any deprecated vulnerabilities present on assets.
- The regex command of CIS Win10 v1.10.1 Rile 2.3.10.8 L1 is now case-insensitive.
Security Updates
- We fixed CVE-2022-0757, an SQL injection vulnerability affecting the “ALL” and “ANY” operators for filter queries in the Security Console. Manipulation of the “ALL” or “ANY” filter query operators could have allowed for SQL injection attacks. This issue affects all Security Console versions up to and including 6.6.128. If your Security Console currently falls on or within this affected range, ensure that you update your Security Console to the latest version. Special thanks to Aleksey Solovev (Positive Technologies) for reporting this issue to Rapid7.