May 22, 20246.6.253


  • CIS benchmark coverage. We added built-in support for CIS SQL Server 2022 benchmark, version 1.1.0.


Customer Requested
  • Asset Search. We improved the functionality of a filtered Asset Search by adding the ability to filter by secondary asset IPs.
  • Java Runtime Environment (JRE). We improved the Nexpose’s security posture by upgrading the JRE included with the Scan Engine and Security Console to Zulu OpenJDK version 1.8.0_412.


  • CIFS/SMB credentials are no longer incorrectly reported as not supplied (NO_CREDS_SUPPLIED) when authentication fails. Now, failure to authenticate is correctly reported as SUPPLIED_FAILED.
  • We fixed an issue affecting credential elevation when using the CyberArk integration where the Test Credential was successful on the Site Configuration page but unsuccessful during the scan.
  • We fixed an issue affecting the SQL Export Report feature that prevented some SQL queries from executing due to false validation errors.
  • We updated the error messages that are generated when a user attempts to edit and save Discovery Connections to be more relevant.
  • We updated our CIS SQL Server 2019 benchmark to resolve an issue that prevented the policy from being copied.