I’m pleased to announce that WAS Engine 8.5 has been released to all Qualys platforms, including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.
This update includes the following changes:
- Added new vulnerability tests:
  - QID 150332 for WordPress Code Snippets plugin Cross-Site Request Forgery (CSRF) Vulnerability
  - QID 150333 for Oracle WebLogic Multiple vulnerabilities in Console & Core Component
  - QID 150334 for Oracle WebLogic Core Component Unauthorized Modification of critical data Vulnerability
  - QID 150335 for Oracle WebLogic Core Component Deserialization Vulnerability
  - QID 150336 for Atlassian Jira Server and Data Center Improper Authentication Vulnerability (CVE-2020-14185)
  - QID 150337 for Atlassian Jira Server and Data Center XSS vulnerability (CVE-2020-14184)
  - QID 150338 for WordPress Envira Photo Gallery plugin Stored XSS Vulnerability
  - QID 150339 for Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability
  - QID 150340 for Apache Server-Status exposed (mod_status)
  - QID 150341 for Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability
  - QID 150342 for Atlassian Jira Server and Data Center Directory Traversal Vulnerability (CVE-2019-8442)
- Implemented improvements to reporting of Postman Collection parsing status in QID 150021.
- Improved support for scanning APIs via Postman collections.
- Implemented support for adding IGs in BlindFury-page.js and corresponding vulnerabilities.
- Improved the retest feature to allow for quicker retesting of vulnerabilities.
As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.