Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Release Date: 2020-01-21

Version: G4.12.0.1

This release is a preparation for the upcoming February (and winter) release. Capability to assess Azure environments for compliance into a unified multi-cloud compliance view has been integrated. This is currently a beta functionality and the new CIS benchmark (v1.1.0) is under approval by CIS.

New Features

Netsec

  • Improved log message on logs for discovery scans
  • Added detection for IPMIv2 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)

Platform / API

  • Filtering multiple tags
  • Set literal filter by pressing on a tag
  • Improved accepting risks performance 
  • Better logging exception error in offline enrollment
  • Improved task scheduling

Compliance

  • Created CIS compliance policy for Ubuntu Linux 18.04 LTS v1.0.0
  • Added PCI scan type and updated ASV attestation text
  • Added detection for CVE-2019-19781 (Netscaler/Citrix ADC)
  • Created CIS Azure Benchmark V1.1.0, BETA and pending approval by CIS 

MSSP

  • MSSP purging default values containing "outpost24.com"
  • MSSP Agents can now view the consumption stats for each customer account
  • Adjusted Scale consumption stats to count only configured assets

Fixes and Minor Improvements

Appsec

  • Handled question mark if it is the only part of the query
  • Fixed bugs in SQL injection detection for stacked queries
  • Fixed SWAT reports show 0.0 average CVSS score
  • Scout: Disabled subdomain enumeration due to performance issues

Netsec

  • Corrected multiple bugs in Amazon Linux v2.1.0
  • Fixed improper validation in AWS role based scanning
  • Fixed XML output in PCI report
  • Fixed platform detected as "Microsoft Windows" for Oracle Linux machine
  • Fixed detection CVE-2013-4786
  • Fixed inability to export targets in Manage Targets view
  • Fixed OUTSCAN RC Discovery failures
  • Fixed Export Target list error
  • Fixed an issue with Dashboard trend and PDF report trend not matching
  • Corrected information for third party licenses, concerning VMware vSphere

End of Life Announcement

Appsec SWAT UI EOL

The deprecation of the SWAT Classic UI have been indefinitely. It is strongly recommend that customers make use of the APPSEC UI for the majority of their activities as Swat Classic UI is no longer actively developed. Once a firm deprecation date have been set, a three month notification of the End of Life will be provided.