Release Date: 2021-10-26

Version: 4.32.16.0.el7



Important notice for all customers

We are continually improving the service we offer our customers, and are implementing a number of network changes to help improve the service we are able to provide.

To guarantee an totally uninterrupted service, we recommend that customers allow any Outpost24 services they may have running access to the following IP ranges:

  • For IPv4: 91.216.32.1 to 91.216.32.254, 80.254.228.0 to 80.254.231.255.
  • For IPv6: 2001:67c:1084::0 to 2001:067c:1084:ffff:ffff:ffff:ffff:ffff.

As we know this is not always possible for some customers, in the last few months we have implemented DNS entries for all of our services where specific access is required. These may have previously been communicated as IP Addresses, but should be changed to DNS entries as soon as possible to ensure a continuity of service. The necessary changes are detailed below:

ServicePreviousNew
Remote Support91.216.32.136osrss.outpost24.com
Update91.216.32.142

repo.outpost24.com

Enrollment91.216.32.141

outscan.outpost24.com

Inbound HIAB Rule91.216.32.3 secureconnection.outpost24.com


Important notice for all XMLAPI users

XMLAPI queries now return a maximum of 5000 rows per query to ensure sustainable performance for all XMLAPI users.

New Features

Netsec

Added the capability to scan using vulnerabilities

During the scan process we will often find ways for us to perform a more in-depth Vulnerability Scan using default credentials or null sessions. If credentials for a target are not specifically supplied, we can now use any discovered credentials to perform a scan with increased levels of authentication.

It is possible to disable this capability in the scan policy (Default: Enabled). Supplied credentials will always take precedence over discovered credentials.

Agents

  • Windows

    • Previous version:1.14.0

    • Current version: 1.15.0

  • Linux

    • Previous version: 1.14.0

    • Current version: 1.15.0

  • Mac

    • Previous version: 1.14.0

    • Current version: 1.14.0


We recommend all customers to update to the latest version of the agent.

More information on updating is available here: https://kb.outpost24.com/kb/vulnerability-management-netsec/outscan-hiab/netsec-agents/installing-outpost24-agents

Bug Fixes and Minor Improvements

Netsec

  • Improved enumeration of SSL/TLS on MySQL
  • Improved detection for Windows Server and added support for Windows Server 2022
  • Changed the no-reply email address used by the Report Notification emails send from Outscan
  • Improved detection of Visual Studio
  • Added detection for Nagios XI
  • Improved the way we handle XMLAPI tokens
  • Fixed an issue which caused an error when generating an Excel trend report
  • Implemented performance improvements and optimizations for Target Management
  • Improved detection of Virtualbox Guest Additions
  • Improved detection for CVE-2021-38647 (OMIGOD)
  • Added a specific error message when adding a host assigned to an invalid scanner

Cloudsec

  • Fixed an issue when fetching the registry catalog where more than 100 exist in the registry

Portal

  • Fixed an issue where running a scheduled report with a specific date range may be run for a larger date range.
  • Fixed an issue when configuring Request Filters where headers remained persistent




Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.