RidgeBot new release: update to version 4.2
Ridge Security announces the new release 4.2 with the new plugin library 4.11 – 4.16.
This version provides an online update option for both the RidgeBot software and the plugin library. RidgeBot will automatically send the user a notification when a new software release is available, and the user can choose between “online update” and “offline update”.
Version 4.2 also adds Microsoft Authenticator as a two-factor authentication option. Finally, the maximum number of targets per task increases from one class C subnet (256 IPs) to four class C subnets (1024 IPs).
New Plugins
New Application Scan Plugins | New Exploit Plugins |
---|---|
Jellyfin RemoteImageController.cs SSRF (CVE-2021-29490); WordPress BackupBuddy Plugin Arbitrary File Download (CVE-2022-31474) | Bitbucket Server Remote Code Execution (CVE-2022-36804) |
Bitbucket Server Remote Code Execution (CVE-2022-36804); Nostromo Remote Command Execution (CVE-2019-16278) | Gerapy Command Execution (CVE-2021-43857) |
Gerapy Command Execution (CVE-2021-43857); ASP Code Injection; Ruby Code Injection; Perl Code Injection; ThinkPHP 5.x Arbitrary File Read; Android Debug Port | Apache Superset Remote Code Execution (CVE-2020-13948) |
Apache Superset Remote Code Execution (CVE-2020-13948); Hongdian H8922 Arbitrary File Read (CVE-2021-28149); Exchange SSRF (CVE-2022-41040) | Nostromo Remote Command Execution (CVE-2019-16278) |
SOAPpy XML External Entity Injection Vulnerability (CVE-2014-3242); Apache Shiro Authentication Bypass (CVE-2022-40664); Jenkins Arbitrary File Reading (CVE-2018-1999002); jQuery XSS (CVE-2020-11022) | Vsftpd Version 2.3.4 Code Execution (CVE-2011-2523) |
VMware vCenter Server Log4j (CVE-2021-44228); Jenkins User Enumeration (CVE-2018-1000110); jQuery XSS (CVE-2020-11023); jQuery XSS (CVE-2015-9251) | Apache Solr Deserialization Remote Code Execution (CVE-2019-0192) |
GitLab CE/EE Arbitrary Files Read (CVE-2020-10977); Apache Solr Deserialization Remote Code Execution (CVE-2019-0192); Fortinet Authentication Bypass (CVE-2022-40684); Confluence Server Hardcoded (CVE-2022-26138); jQuery XSS (CVE-2019-11358); ClickHouse Unauthorized Access (CNVD-2020-55986) | PrintNightmare-Windows Print Spooler Remote Code Execution Exploit (CVE-2021-34527) (Post Exploitation) |