Home
/
Documentation
/
v24.3.0 - 14 March 2024
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
14 Mar 2024

v24.3.0 - 14 March 2024

New features

  • Added the option to remove Request/Response details from the detailed template to avoid the character limit error when sending vulnerabilities
  • Added the option to enable enhanced logging of failed logins
  • Added functionality to the UI for users to obtain logs from failed scans (previously only system administrators were able to do that)
  • ServiceNow Application Vulnerability Response integration is now available in the ServiceNow store

New security checks

  • Added a check for dotCMS (CVE-2022-26352)
  • Added a check for the Ultimate Member WordPress plugin (CVE-2023-3460)
  • Added a new mXSS pattern
  • Added new signatures to detect JWKs
  • Implemented a detection and reporting mechanism for the Backup Migration WordPress plugin (CVE-2023-6553)
  • Added detection for TinyMCE
  • Added detection for ActiveMQ RCE to the OOB RCE Attack Pattern (CVE-2023-46604)

Improvements

  • Improved the recommendations for the Weak Ciphers Enabled vulnerability
  • Improved detection of swagger.json vulnerabilities
  • Updated the "Insecure Transportation Security Protocol Supported (TLS 1.0)" vulnerability to High Severity
  • Implemented support for scanning sites with location permission pop-ups
  • Implemented support for FreshService API V2
  • Revised the labeling of the active vulnerabilities information on the Scan Summary page to provide greater clarity
  • Removed obsolete X-Frame-Options Header security checks
  • Improved ServiceNow Vulnerability Response integration

Fixes

  • Fixed a bug in the cloning report policies functionality
  • Fixed an error that was occurring with the API endpoint: list-scheduled
  • Fixed a bug with the Jira integration
  • Fixed a bug with custom scheduled scans that were not updating the Next Execution Time field correctly
  • Fixed an issue with the HashiCorp Vault integration token validation path
  • Fixed the missing 'Known Issues' tab from scan summary issue details
  • Fixed an issue with the severity trend chart on the Dashboard
  • Fixed a problem with importing WDSL files
  • Fixed a bug in the Request/Response tab of Version Disclosure vulnerabilities
  • Corrected an issue in the technical reports where vulnerabilities identified in Korean are now reported in English
  • Changed the ID parameter from 'optional' to 'required' within the Scan Policy Update API
  • Removed the target URL from the scope control list
  • Resolved a bug in the filtering of vulnerabilities on the Issues page
  • Fixed a bug in the marking of issues as a false positive
  • Resolved an issue where the agent would become unavailable after receiving a 401 error
  • Fixed the issue with uploading a Swagger file into a scan profile
  • Fixed the system to halt subsequent tests if a scan is aborted from Jenkins
  • Upgraded Microsoft.Owin package to version number 4.2.2