July 23, 2024 ASM Discovery Engine Release

Attack Surface Management Discovery Engine release v2024.07.23

This Attack Surface Management Discovery Engine release includes:

  • Disabled unnecessary checks to speed up sslscan
  • Re-enabled uri_check_api_endpoint task

Bug Fixes

  • Fixed source of issue for Azure storage
  • Temporarily disabled microsoft_exchange_hafnium_compromised_webshell
  • Deprecated CPE Formats for Oracle Weblogic

Vulnerability Checks

  • Added CVE-2024-5217 - ServiceNow - Template Injection (Database Credentials Dump)
  • Added CVE-2024-4879 - ServiceNow - Template Injection
  • Added CVE-2023-6380 - OpenCms - Open Redirect
  • Added CVE-2023-6379 - OpenCms - Reflected Cross-Site Scripting
  • Added CVE-2024-36401 - GeoServer - Remote Code Execution

Technology Fingerprints

  • Added Cellopoint Secure Email Gateway technology fingerprints
  • Added additional GeoServer technology fingerprints
  • Added Jetty HTML Footer  technology fingerprint
© Copyright Mandiant. All rights reserved
  • First Published: July 24, 2024
  • Last updated: July 26, 2024
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.