Mar 09, 2022 - 6.6.130

Improved

  • Updated Apache Log4j checks: We updated our Apache Log4j checks so that results from Log4Shell-specific scan templates are no longer removed by subsequent scans.
  • Improved WordPress fingerprinting: We improved WordPress fingerprinting to reduce false negatives.
  • Windows Application Manifest file verification: The Windows Application Manifest file verification now requires the file to exist before attempting to parse it.
  • Scan engine now handles assessment and on-premise Adobe Flash scans the same way: When performing an on-premise scan for Adobe Flash with a file under C:\WINDOWS\system32\Macromed\FlashFlash.ocx, scan engines now assert an instance of Flash with an empty version string instead of throwing an exception. The scan engine now handles this case the same way for both assessments and on-premise scans.

Fixed

  • We fixed an issue where some scan engine updates were being skipped. This caused some engines to be out of sync with their updates.
  • We fixed an issue that prevented users from deleting custom policies when ARF files were corrupted or missing. The policy deletion now completes, and a warning highlighting the affected ARF files is displayed in the console log.
  • We fixed an issue that caused some assets with the InsightVM Agent installed to fail to remediate vulnerabilities in the Console UI if the Agent data was never imported.
  • We fixed an issue that was causing errors in the console and engine communications to be suppressed.
  • We fixed false positives (F+) for Rule 4.2.9 in the CIS IBM AIX 7.1 Benchmark 1.1.0 and for some rules in the Apache http 2.4 policy v1.3.0.
  • We fixed an issue that occurred when asserting network interfaces.
  • We fixed an issue that caused scans to be slow to start and consoles to lose connectivity to shared engines if a scan contained large IPv6 address ranges.

Security Updates

  • We fixed CVE-2022-0758, a cross-site scripting (XSS) vulnerability affecting test credentials in Shared Scan Credential Configurations. These test credentials could have allowed literal values to be passed through unescaped, which would have created an opportunity for an XSS attack. This issue affects all Security Console versions up to and including 6.6.129. If your Security Console currently falls within this affected range, ensure that you update your Security Console to the latest version. Special thanks to Aleksey Solovev (Positive Technologies) for reporting this issue to Rapid7.