What’s New in InsightVM and Nexpose: Q1 2023 in Review

Last updated at Fri, 31 Mar 2023 15:49:40 GMT

In Q1, our team continued to focus on driving better customer outcomes with InsightVM and Nexpose by further improving efficiency and performance. While many of these updates are under the hood, you may have started to notice faster vulnerability checks available for the recent ETRs or an upgraded user interface for the console Admin page. Let’s take a look at some of the key updates in InsightVM and Nexpose from Q1.

[InsightVM and Nexpose] View expiration date for Scan Assistant digital certificates

Scan Assistant, a lightweight service deployed on the asset, leverages the Scan Engine and digital certificates to securely deliver the core benefits of authenticated scanning without the need to manage traditional account-based credentials.

Customers can now easily determine the validity of a Scan Assistant digital certificate by viewing the Expiration Date on the Shared Scan Credential Configuration page.

[InsightVM and Nexpose] A new look for the Console Administration page

We updated the user interface (UI) of the Console Administration page to facilitate a more intuitive and consistent user experience across InsightVM and the Insight Platform. You can even switch between light mode and dark mode for this page. This update is part of our ongoing  Security Console experience transformation to enhance its usability and workflow—stay tuned for more updates!

[InsightVM and Nexpose] Checks for notable vulnerabilities

Rapid7’s Emergent Threat Response (ETR) program flagged multiple CVEs this quarter. InsightVM and Nexpose customers can assess their exposure to many of these CVEs with vulnerability checks, including:

• Oracle E-Business Suite CVE-2022-21587: Added to the CISA Known Exploited Vulnerabilities (KEV) catalog, this vulnerability affected a collection of Oracle enterprise applications and can lead to unauthenticated remote code execution. Part of our recurring coverage, learn more about the vulnerability and our response.
• VMware ESXi Servers CVE-2021-21974: VMware ESXi is used by enterprises to deploy and serve virtual computers. VMware ESXi servers worldwide were targeted by a ransomware that leveraged CVE-2021-21974. Part of our recurring coverage, learn more about the vulnerability and our response.
• ManageEngine CVE-2022-47966: ManageEngine offers a variety of enterprise IT management tools to manage IT operations. At least 24 on-premise ManageEngine products were impacted from the exploitation of CVE-2022-47966, a pre-authentication remote code execution (RCE) vulnerability. Learn more about the vulnerability and our response.
• Control Web Panel CVE-2022-44877: Control Web Panel is a popular free interface for managing web servers. In early January, security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877, an unauthenticated remote code execution vulnerability in Control Web Panel (CWP, formerly known as CentOS Web Panel).  Learn more about the vulnerability and our response.
• GoAnywhere MFT CVE-2023-0669: Fortra’s GoAnywhere MFT offers managed file transfer solutions for enterprises. CVE-2023-0669, an actively exploited zero-day vulnerability affected the on-premise instances of Fortra’s GoAnywhere MFT. Learn more about the vulnerability and our response.
• Jira Service Management Products CVE-2023-22501: Atlassian’s Jira Service Management Server and Data Center offerings were impacted by CVE-2023-22501, a critical broken authentication vulnerability that  allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. Learn more about the vulnerability and our response.
• ZK Framework CVE-2022-36537: The vulnerability in ZK Framework, an open-source Java framework for creating web applications, was actively exploited due to its use in ConnectWise R1Soft Server Backup Manager, and allowed remote code execution and the installation of malicious drivers that function as backdoors. Learn more about the vulnerability and our response.

Up Next for InsightVM | Custom Policies with Agent-Based Policy Assessment

Guidelines from Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG) are widely used industry benchmarks for configuration assessment. However, a benchmark or guideline as-is may not meet the unique needs of your business. Very soon (next quarter soon), you can start using Agent-Based Policy for custom policy assessment.