Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Invicti Enterprise On-Demand 12 Nov 2024 v24.11.0

This update includes changes to the internal agents. The internal scan agent’s current version is 24.11.0. The internal authentication verifier agent’s current version is 24.11.0

New Features

  • API Discovery now supports working with RAML specs from Mulesoft Anypoint Exchange

New Security Checks

  • Added a check for applications performing certificate name validation to prevent reading invalid memory addresses (CVE-2024-6119)

Improvements

  • Updated the AuthVerificationService from .NET 6.0 to .NET 8.0

Fixes

  • Fixed an issue with missing links in imported files that were sent from the API Inventory to the agent
  • Fixed an issue where target names longer than 40 characters were not being truncated as expected on the Create New Target page
  • Fixed an issue where the “Download HTTP Request Logs” button triggered an error while a scan was in progress
  • Fixed an issue where user names containing the character “ä” could not be added
  • Fixed an issue with the scan data retention period for raw scan files that was not working as expected
  • Fixed missing scan completed notifications with report attachments
  • Fixed an issue where adding more than one name to a Notification’s Excluded Recipients would remove the other users from all other notifications
  • Fixed an issue where the verifier agent could not read or apply custom proxy settings from the appsettings.json file
  • Fixed an issue where uploading a .proto file caused a “No links found in the file” error
  • Fixed missing request/response details for some out-of-band vulnerabilities