Release Date: 2022-05-24

Version:  7.0.3.1.el7


New Features

Netsec

  • API performance improvements
  • Upgrades on open source and third party packages

Agent Version Updates

Security upgrades to agents based on third part software we compile into the binary

  • Previous agent version
    • 1.23.0
  • New agent version
    • 1.23.1

Detection

  • Added detection for Spring Cloud Gateway CVE-2022-22947
  • Added detection for Big-IP CVE-2022-1388
  • Added detection for Zyxel CVE-2022-30525
  • Added detection for VMware Workspace ONE Access CVE-2022-22954 (in previous, escalated release)
  • Added detection for Microsoft OMI
  • Added detection for .NET Core Libraries
  • Added detection for Tomcat when installed in very non-standard ways
  • Added service fingerprinting for FortiGate to FortiManager Protocol

Changes to SMB Null Session Detection

Before this release, having Null sessions was considered a default credential, since it could be said that a Null session is a session established with an empty credential set. 

After this release, the Default Credentials finding will no longer be triggered for SMB Null sessions. SMB Null sessions will now be reported on ID 217926.

Default Credentials findings with "empty credentials" on SMB will be moved. If "empty credentials" were the only found default credentials, the finding will stop triggering completely on that target. 

The new finding is backed by a check which asserts that the Null session can in fact be used to access resources, unlike the previous check, which only asserted that a session was established.

Bug Fixes and Minor Improvements

Netsec

  • Improved detection of Java when deployed over GPO
  • Resolved bug where "Proxy accepts POST request" finding could erroneously trigger
  • Resolved bug where "custom" SSH sudo command would not work as intended
  • Increased allowed target types for REST API schedules
  • Fixed some scan timeouts
  • Added Farsight / Likelihood columns in database integration
  • Fixed Agent scan resulting in only "Test tracking information"
  • Fixed selection of scanner at report import in Outscan RC
  • Fixed HIAB - Syslog - CVSS score when Arcsight field is enabled
  • Fixed scanning through proxy
  • Fixed AWS scan fails if SCP forbids browsing in a region
  • Removed basic Auth from openapi.json spec
  • Fixed request for Blueprint
  • Fixed XML API incorrectly escapes characters in settings.xml
  • Limited Agent discovery scan window for user without agents
  • Fixed asset name of AWS and DOCKER types when new REGION or IMAGE are found in scan
  • Fixed HIAB connectivity test
  • Improved performance for dynamic groups
  • Removed deprecated SAML PBE logic
  • Added cleanup of scheduled reports when assets are removed

Appsec

  • Fixed Schedule time cannot be updated in Appsec Scale Portal

Unified View beta

  • Improved performance in Queries

  • Improved quality

End of Life Announcement

SWAT Classic UI

We are announcing the End of Life of the SWAT Classic UI at the end of March 2022.  Due to feedback from customers we have extended the end of Support date for the SWAT Classic UI to 31st December 2022. We do not envision extending support further.

  • Official End of Life date: 31st March 2022
  • Official End of Support date: 31st December 2022





Copyright

© 2022 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.