Nov 30, 2022
6.6.170

Improved

  • CSV Exporter report. We improved the performance of the CSV Exporter report by removing duplicate rows and adding missing vulnerability instance data.
  • maintenance_work_mem property. The value for the maintenance_work_mem property is now only displayed in MB due to an issue in some Windows environments where values were rounded up, causing memory problems.
  • Agent Sync. Agent Sync schedule is now enabled by default.

Fixed

  • The UI now correctly updates after an Insight Agent asset imports.
  • The check logic for CVE-2022-3602 and CVE-2022-3786 has been updated to exclude Rocky Linux as it is not affected.
  • The check logic for CVE-2021-41032 affecting FortiOS has been updated to reduce false positives.
  • The check logic for vulnerabilities related to VMSA-2022-0020 affecting ESXi has been updated to reduce false positives.
  • The check logic for CVE-2022-20715 affecting Cisco ASA has been updated to reduce false positives.
  • The check logic for CVE-2020-35452 affecting Apache HTTP Server on Oracle Linux has been updated to reduce false positives.
  • The check logic affecting FFMPEG vulnerability checks has been updated to reduce false positives.
  • The check logic for CVE-2021-40469 affecting Windows Server has been updated to check for DNS, reducing false positives.

Security Updates

  • Postgres version 11.17 is now available for those who are also Postgres 11.x customers. This update addresses the MiTM vulnerability CVE-2020-25694. All Security Console versions up to and including 6.6.169 are affected by this issue. If your Security Console currently falls on or within this affected version range, ensure you update your Security Console to the latest version. For this change to take effect, an additional restart is required after updating your Security Console. Special thanks to Tom Heesmans for reporting this issue to Rapid7.

    For more information, see the official Postgres release notes.