Mar 09, 2022 | 6.6.130

Improved

  • Updated Apache Log4j checks: We updated our Apache Log4j checks so that results from Log4Shell-specific scan templates no longer get removed by subsequent scans.

  • Improved WordPress fingerprinting: We improved WordPress fingerprinting to reduce false negatives.

  • Windows Application Manifest file verification: The Windows Application Manifest file verification now requires the file to exist before attempting to parse it.

  • Scan engine now handles assessment and on-premise Adobe Flash scans the same way: When performing an on-premise scan for Adobe Flash with a file under C:\WINDOWS\system32\Macromed\FlashFlash.ocx, scan engines now assert a version of Flash with an empty version instead of throwing an exception. The scan engine now handles this case the same way for both assessments and on-premise scans.

Fixed

  • We fixed an issue where some scan engine updates were being skipped. This caused some engines to be out of sync with their updates.

  • In Shared Scan Credential Configuration, test credentials no longer allow literal values to be passed, which could have provided a potential opportunity for an XSS attack. Thank you to Aleksey Solovev for disclosing this issue.

  • We fixed an issue that prevented users from deleting custom policies when ARF files were corrupted or missing. The policy deletion now completes, and a warning highlighting the ARF files is displayed in the console log.

  • We fixed an issue where Goals dashboard cards failed to load correctly, which caused the entire dashboard not to load. Dashboards now load successfully in this case.

  • We fixed an issue that caused some assets with the InsightVM Agent installed to fail to remediate vulnerabilities in the Console UI if the Agent data was never imported.

  • We fixed an issue that was causing errors in the console and engine communications to be suppressed.

  • We fixed false positives for Rule 4.2.9 in the CIS IBM AIX 7.1 Benchmark 1.1.0 and for some rules in the Apache HTTP 2.4 policy v1.3.0.

  • We fixed an issue when asserting network interfaces.

  • We fixed an issue that caused scans to be slow to start and consoles to lose connectivity to shared engines if a scan contained large IPv6 address ranges.