Attack Surface Management Discovery Engine release v1.30.0
This Attack Surface Management Discovery Engine release includes:
Vulnerability Checks
- Improved vulnerability check for CVE-2022-22536 (SAP NetWeaver)
Severity adjusted, remediation added, refactored check logic, more information added to proof, and added testing coverage. - Added vulnerability check for CVE-2023-42793 (JetBrains TeamCity authentication bypass)
A critical authentication bypass that affects on-premises instances of JetBrains TeamCity, a CI/CD server. - Added vulnerability check for CVE-2023-36845 (Juniper J-Web remote code execution)
A vulnerability in J-Web of Juniper Networks Junos OS on EX and SRX Series enables unauthenticated attackers to remotely execute code.
Technology Fingerprints
- Improved fingerprint check scope and logic
Enhanced technology identification via HTTP. - Improved technology fingerprint for JetBrains TeamCity
Enhanced existing fingerprint logic and added favicon matching. - Improved technology fingerprinting for Juniper devices
Added SNMP fingerprint, and added additional fingerprint checks to detect SRX devices based on the form header and title. - Improved fingerprint coverage for Shelly IoT
Added Shelly Plus Plug S, Shelly Plus 1, Shelly Uni, Shelly 1L, Shelly Motion 1, and Shelly RGBW2 fingerprint patterns.