Attack Surface Management Discovery Engine release v2024.02.22
This Attack Surface Management Discovery Engine release includes:
Bug Fixes
- Fixed an issue where reverse WHOIS was not finding domains based on UniqueKeyword
- Fixed an issue with incorrect keyword parsing in the Code Repository Discovery & Assessment Scan Workflow
Vulnerability Checks
- Added CVE-2023-35368 - Microsoft Exchange Server - Remote Code Execution Vulnerability Check
- Added CVE-2023-35388 - Microsoft Exchange Server - Remote Code Execution Vulnerability Check
- Added CVE-2023-38182 - Microsoft Exchange Server Remote Code Execution Vulnerability Check
- Added CVE-2023-38181 - Microsoft Exchange Server Spoofing Vulnerability Check
- Added CVE-2023-36777 - Microsoft Exchange Server Information Disclosure Vulnerability Check
- Added CVE-2023-36757 - Microsoft Exchange Server Spoofing Vulnerability Check
- Added CVE-2023-36744 - Microsoft Exchange Server Remote Code Execution Vulnerability Check
- Added CVE-2023-36745 - Microsoft Exchange Server Remote Code Execution Vulnerability Check
- Added CVE-2023-36756 - Microsoft Exchange Server Remote Code Execution Vulnerability Check
- Added CVE-2024-22024 - IVANTI Connect Secure Active Check
- Added CVE-2021-30497 - Ivanti Avalanche - Arbitrary File Read Vulerability Check
- Added CVE-2023-38185 - Microsoft Exchange Server Remote Code Execution Vulnerability Check
- Added CVE-2024-1709 - ScreenConnect - Authentication Bypass Vulnerability Check
- Enhanced CVE-2023-46805 Vulnerability Check
Technology Fingerprints
- Updates to ScreenConnect Fingerprint
- General fingerprint enhancements to vendor names for accuracy/consistency