Attack Surface Management Discovery Engine release v1.35.0
This Attack Surface Management Discovery Engine release includes:
Bug Fixes
- Revolved a bug related to scope on Entity zone records
- Resolved a bug causing hidden Entities to be included in open ports for IP address Entities
Checks
- Added CVE-2023-23752 Vulnerability Check (Joomla Sensitive Information Leak)
- Added CVE-2023-23333 Vulnerability Check (SolarView Compact Remote Code Execution)
- Added CVE-2023-1671 Vulnerability Check (Sophos Web Appliance Remote Code Execution)
- Added CVE-2023-22518 Vulnerability Check (Atlassian Confluence authentication bypass)
- Added CVE-2023-32235 Vulnerability Check (Ghost CMS Path Traversal)
- Added CVE-2023-34960 Vulnerability Check (Chamilo LMS command injection)
- Added CVE-2023-29919 Vulnerability Check (SolarView Compact - Arbitrary File Read)
- Added CVE-2023-46747 Vulnerability Check (F5 BIG-IP remote code execution)
- Added Active Check (ServiceNow Sensitive Data Exposure via Widget Misconfiguration)
Technology Fingerprints
- Added Sophos Web Appliance Detection Technology Fingerprint
- Added support for Point-to-Point Tunneling Protocol (PPTP) negotiation during technology fingerprinting process
- Added additional detection fingerprints for F5 Big IP Configuration Utility