Ridge Security announces the new release 4.2.1 with the new plugin library 4.17 – 4.20.

In this release, RidgeBot provides a differential report that compares the results of two tests run against the same target. The report clearly shows which risks have been fixed or changed since the last test. In addition, with the GitLab and Jira Cloud integration, DevSecOps teams can trigger an automated workflow to remediate the risks and findings detected.

New Host and Application Scan Plugins:
Redis Sandbox Escape (CVE-2022-0543); Apache DolphinScheduler Privilege Escalation (CVE-2020-13922); Jackson-databind Remote Code Execution (CVE-2020-24616); Apache Commons Text Remote Command Execution (CVE-2022-42889);
GLPI Remote Command Execution (CVE-2022-35914); Roxy-Wi Remote Command Execution Vulnerability (CVE-2022-31137); Apache Airflow Celery Broker Remote Command Execution (CVE-2020-11981); Jackson Remote Code Execution (CVE-2019-12384);
Command Injection In Apache Airflow Sample Dag (CVE-2020-11978); Adobe ColdFusion Deserialization (CVE-2017-3066); CGI HTTPoxy Proxy Not Verified (CVE-2016-5385); GitLab Arbitrary File Reading (CVE-2016-9086);
MySQL Authentication Bypass (CVE-2012-2122); Mini_Httpd Arbitrary File Reading (CVE-2018-18778); Apache HTTPD Newline Parsing (CVE-2017-15715); Neo4j Shell Server Deserialization (CVE-2021-34371);
Jackson-databind Deserialization (CVE-2017-7525); ntopng Authentication Bypass (CVE-2021-28073); Spring Boot Actuator (jolokia) XXE/RCE; Aria2 Arbitrary File Upload;
Aria2 Arbitrary File Upload; Apache SSI Remote Code Execution; YApi <1.12.0 Remote Code Execution; Celery <4.0 Redis Unauthorized Access

New Exploit Plugins:
Redis Sandbox Escape (CVE-2022-0543); GLPI Remote Command Execution (CVE-2022-35914);
Apache Airflow Celery Broker Remote Command Execution (CVE-2020-11981); Jackson Remote Code Execution (CVE-2019-12384);
Command Injection In Apache Airflow Sample Dag (CVE-2020-11978); Adobe ColdFusion Deserialization (CVE-2017-3066);
Aria2 Arbitrary File Upload; Apache SSI Remote Code Execution;
YApi <1.12.0 Remote Code Execution; Celery <4.0 Redis Unauthorized Access; Neo4j Shell Server Deserialization (CVE-2021-34371);
Jackson-databind Deserialization (CVE-2017-7525); Java RMI Deserialization Remote Code Execution Exploit (CVE-2017-3241)

Discover RidgeBot

Book a demo with our experts and discover RidgeBot, the fast, continuous pentest from Ridge Security.


Original article: RidgeBot 4.2.1 Release Announcement – author: Ridge Security Marketing

Translation and adaptation by CIPS Informatica - Ridge Security Blog - © 2022 Ridge Security, Inc.
