Mon 09 September 2024
π User Interface:
- Added notification when triggering the discovery phase. This helps inform users about the discovery process, which may take time on large organizations.
- New Tags menu with an autocomplete feature for easier navigation and centralized management. All tags are now grouped in a single page and can be centrally edited on all tickets or assets.

- CVSSv4 support in PDF exports for clearer representation of vulnerabilities. The new visualisation makes it easier to understand each element, from vector, complexity to the need for authentication.

- Grouped vulnerabilities by risk rating in tables, making it easier to differentiate between confirmed and potential findings of the same category.
- Enhanced speed of fetching threat center counts for impacted assets.
π€ AI:
- Improved AI model for generating vulnerability recommendations. New findings are now reported with increased accuracy.
π API Autodiscovery:
- Added support for scanning schema files, including
GraphQL
,OpenAPI
,WSDL
, andXML
.
π οΈ OXO:
- Fixed issue where new agent groups were incompatible with all asset types.
- Added multi-select for asset types during agent group creation.
π» Flutter:
- Support added for the latest Flutter version
3.24
.
π Network Interception:
- Multiple bug fixes to prevent missed clear traffic.
- Improved interception of
TLS
traffic in native code. - Fixed decoding issues in
HTTP/1.1
traffic.
π‘οΈ Threat Center:
- Added coverage for CVEs:
CVE-2024-20439
&CVE-2024-20440
: Critical vulnerability in Cisco Smart Licensing Utility allowing administrative access. Severity: 9.8/10.CVE-2024-7593
: Critical authentication bypass vulnerability in Ivanti vTM. Severity: 9.8/10.CVE-2024-40766
: Critical vulnerability in SonicWall firewalls enabling unauthorized access. Severity: 9.3/10.CVE-2024-6386
: Critical RCE vulnerability in WPML WordPress plugin. Severity: 9.9/10.CVE-2024-39717
: Critical vulnerability in Versa Director allowing web shell installation. Severity: 9.8/10.CVE-2024-7029
: High-severity command injection in AVTECH IP cameras. Severity: 8.7/10.CVE-2024-43399
: Critical Zip Slip vulnerability in Mobile Security Framework (MobSF). Severity: 9.8/10.CVE-2024-6633
: Critical vulnerability in Fortraβs FileCatalyst Workflow. Severity: 9.8/10.
π§ͺ Taint Analysis:
- Improved code reachability reporting.
- Fixed incorrect StatFS findings.
- Added health detection API.
π Dynamic Analysis:
- Enhanced server findings reporting, including host and port numbers for open local ports.
π Port Scanning:
- Updated service and OS detection mechanisms.
- Fixed issue with empty services being collected.
π Web Crawling:
- Added screenshot functionality post-authentication for better debugging.
π Fingerprinting:
- Added support for fingerprinting tech stacks with active threats:
VigorConnect
,Ivanti
,MobSF
,Avtech IP Camera
,Versa
,SonicWALL SonicOS
.- Improved version detection when multiple versions of the same software are identified.
π Attack Surface:
- Fixed IP range handling for more accurate detection.
π GitHub Actions:
- Migrated from Docker to composite action, supporting workflows across
Windows
andMacOS
platforms.
We do newsletters, too
Get the latest news, updates, and product innovations from Ostorlab right in your inbox.
Subscribe