New Policies in February 2022 - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Release Notes

Product
Cortex XPANSE
Version
1.0
Creation date
2022-08-25
Last date published
2023-01-10
Category
Release Notes

The following Cortex Xpanse issue policies apply to both Cortex Xpanse Expander and Cortex Xpanse Assess. These policies were introduced or updated in February 2022:

  • AppGate SDP

  • Atlassian Bitbucket

  • Cisco Firepower Device policy added to update Cisco Firepower detection

  • Hikvision Device

  • IBM MQ

  • Insecure Atlassian Confluence Servers policy updated to identify versions before 7.4.10 and from 7.5.0 to 7.12.5

  • Insecure ISC BIND 9—identifies BIND 9 servers vulnerable to CVE-2021-25219

  • Insecure Microsoft Exchange Server Policy Update—This policy now identifies insecure versions of Microsoft Exchange 2019 prior to Cumulative Update (CU) 10, Exchange 2016 prior to CU21, and Exchange 2013 prior to CU23. This policy also identifies all End-of-Life (EOL) versions of Microsoft Exchange

  • Insecure OpenSSH

  • Insecure Node.js policy updated to identify versions 12.0.0-12.22.4, 14.0.0-14.17.4, and 16.0.0-16.6.1

  • Insecure PHP

  • ISC BIND 9

  • Long Validity Certificate policy was updated

  • Microsoft Azure CycleCloud

  • Roundcube Webmail

  • Spiceworks

  • Symantec Messaging Gateway

  • VMware Workspace ONE UEM

  • Wordpress Server policy updated to add the version extractor

Refer to the Cortex Xpanse User Guideor Cortex Xpanse Assess User Guide for more information about policies.