Qualys WAS Engine 8.19 Released

John Delaroderie

Qualys Web Application Scanning Engine 8.19 has been released to all Qualys platforms including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.

This update includes the following changes:

  • Improvements to Total Scan Time reporting in QID 150021
  • Improvements to External Redirect URLs QID 150516
  • Improvements to Postman Collection request header processing
  • Improvements to Open Redirect when using custom authentication
  • General engine improvements

Additional QIDs released:

  • QID 150538 Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2022)
  • QID 150539 Apache HTTP Server 2.4.53 Multiple Vulnerabilities
  • QID 150540 Apache ShenYu plugin API unauthenticated access (CVE-2022-23944)
  • QID 150541 Apache Tomcat Cross-Site Scripting (XSS) Vulnerability (CVE-2022-34305)
  • QID 150542 PHP Multiple Remote Code Execution Vulnerabilities (CVE-2022-31626, CVE-2022-31625)
  • QID 150543 WordPress Smush Plugin: Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2022-1009)
  • QID 150544 WordPress Tabs Responsive Plugin: Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2022-1298)
  • QID 150547 Atlassian Jira Server Multiple Vulnerabilities (OCT-2018)
  • QID 150548 WordPress Form Maker Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2022-1564)
  • QID 150549 WordPress Photo Gallery Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2022-1394)
  • QID 150550 WordPress Rating by BestWebSoft Plugin: Denial of Service Vulnerability (CVE-2021-25121)
  • QID 150551 WordPress Bold Page Builder Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2022-2089)
  • QID 150552 WordPress Download Manager Plugin: Reflected Cross-Site Scripting Vulnerability (CVE-2022-2168)
  • QID 150553 Apache Solr Improper Input Validation Vulnerability (CVE-2021-44548)
  • QID 154117 Drupal Core Cross-Site Scripting (XSS) Vulnerability (SA-CORE-2022-002)
  • QID 154118 Drupal Core Cross-Site Scripting (XSS) Vulnerability (CVE-2021-41182)
  • QID 154119 Drupal Core: Guzzle Library Multiple Vulnerabilities (CVE-2022-31043, CVE-2022-31042)
  • QID 154120 Drupal Core: Guzzle Library Information Disclosure Vulnerability (CVE-2022-29248)
  • QID 154121 Drupal Core: Guzzle Library Improper Input Validation Vulnerability (CVE-2022-24775)

As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.

Happy Scanning.
