Vulnerabilities page updates: Major improvements to accelerate remediation

We know that most security teams today handle a backlog of thousands of vulnerabilities. We also know that not all of these vulnerabilities pose a significant risk to your organization, whether or not they have a high severity score or are present on a business-critical asset. We’ve spoken with dozens of security teams over the last few months and have learned that filtering vulnerabilities across several factors is critical to accelerating remediation.

We’re excited to introduce the new Vulnerabilities page to all customers (including those in an active trial). The new Vulnerabilities page provides a more holistic overview of the current state of the vulnerabilities present on your attack surface. Users can now view, sort, filter, and export findings using this page.

Powerful new capabilities on the new Vulnerabilities page

Whether you’re a seasoned user or new to Detectify, you’re probably familiar with how to use our previous Vulnerabilities page. Nevertheless, with this new update, you have access to some powerful capabilities that weren’t previously available. 

Combining multiple filters to narrow down vulnerability information makes it possible to address the threats on web applications you know are most business-critical. These can then be exported as and when needed.  

Suppress findings you know aren’t an issue for your organization. Now, you can filter your attack surface for certain vulnerability types or even severity scores you don’t want to see again and more easily mark them as an acceptable risk.

• Get a demo of the new page by watching this previous webinar recording presented by a member of our product team.
• Looking for more information about this page? Head over to our knowledge base to learn how to start using the new Vulnerabilities page to accelerate remediation.

Additional product updates:

• Vulnerabilities marked as ‘Fixed’ will no longer be visible under ‘Open’ from the Vulnerabilities page.
• Issues with the AWS connector are now resolved. 
• The scan profile and host (hostname) filters are now available via the Vulnerabilities API endpoint.
• Users will now have the option to set up weekly scanning when configuring a new scan profile.
• See who on your team started or stopped a scan in the UI, which we hope will save you some time. 

Recently added crowdsourced vulnerabilities

Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.

• CVE-2023-23752: Improper Access Check In Webservice Endpoints
• CVE-2023-0669: GoAnywhere RCE
• CVE-2023-0126: SMA1000 Sonicwall Pre-Authenticated Path Traversal
• CVE-2022-47966: ManageEngine RCE
• CVE-2022-44877: Centos Web Panel RCE
• CVE-2022-39195: L-Soft LISTSERV Reflected XSS
• CVE-2022-21587: Oracle Oracle E-Business Suite RCE
• CVE-2018-11409: Splunk Server Info Disclosure
• CVE-2017-17736: Kentico CMS Privilege Escalation via Installer
• Apache Struts OGNL Console & devMode
• Apache Struts ShowCase Application Exposure
• Atlassian Jira Installer Exposure
• Avaya Aura Utility Services Administration RCE
• Avaya Aura Utility Services Administration XSS
• Brandfolder XSS
• Dolibarr “phpinfo.php” Exposure
• GLPI session disclosure
• Joomla! Registration Enabled
• Nagios XI installer exposure
• SiteMinder XSS
• Vmware Cloud Director XSS