Release Date: 2022-05-12

Version: 6.1.13.3.el7


New Features

Netsec

  • Improved performance
  • Security upgrades

Agent Version Updates

  • Previous agent version
    • 1.22.1
  • New agent version
    • 1.23.0
  • Relevant changes
    • Changed format of version in "info" command

Unified View beta

  • Changed the style of unscanned assets.

  • Fixed import of Cloudsec compliance findings.

Appsec

  • Update Japanese translation

  • With this release we have updated the data model used to identify unique assets.  A separate communication has been sent to customers affected by this change, a summary of which is listed below:
    • Removal of the Attack Surface tab.
    • Removal of the Web hosts search column on the Assets page.
    • Changes to the associations tab to better reflect how an asset has been identified.
    • Reports will be generated against the web application asset and no longer be tied to IP address.
    • Web applications that had multiple ip addresses due to load balancing will appear as a single asset listing each IP address as an association.
    • Multiple web applications running on a single IP address, or a load balanced cluster, will now be split to list each web application with the relevant IP address(es) listed in the associations tab.
    • We recommend customers scan Scale and CloudSec assets as soon as a schedule allows once the release has completed.
    • We also recommend all customers using the Portal should check their role based access control (RBAC) settings.

Cloudsec

  • Added new missing AWS regions

Detection

  • Added detection for HP Device Manager
  • Added detection for web cameras running on Axis OS
  • Added detection for the WebsiteBaker CMS
  • Added active detection of Cisco CVE-2015-6435
  • Added active detection of Gitlab CVE-2021-4191

Bug Fixes and Minor Improvements

Netsec

  • Fixed error starting scan after discovery.

  • Fixed last items blocked in webhosts list.

  • No longer allowing findings with multiple CVEs for more granular reporting.

  • Fixed scanners not syncing properly.

  • Fixed edit of scan policy - SMB credentials bug.

  • Extended agent discovery scan window.

  • Fixed AWS Discovery - Should not fail upon one region access denied.

  • Resolved bug where Wordpress could be misdetected.

  • Resolved false positive where exposed CGI shells could be erroneously found in rare circumstances.

  • Resolved bug where UDP portscanner could miss a port.

  • Resolved bug where TLS Client-Initiated Renegotiation check could generate incorrect results.

  • Improved detection of Third-Party cookies in Internet Explorer.

End of Life Announcement

SWAT Classic UI

We are announcing the End of Life of the SWAT Classic UI at the end of March 2022.  Due to feedback from customers we have extended the end of Support date for the SWAT Classic UI to 31st December 2022. We do not envision extending support further.

  • Official End of Life date: 31st March 2022
  • Official End of Support date: 31st December 2022




Copyright

© 2022 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.