The following Cortex Xpanse issue policies apply to both Cortex Xpanse Expander and Cortex Xpanse Assess. These policies were introduced or updated in February 2022:
AppGate SDP
Atlassian Bitbucket
Cisco Firepower Device policy added to update Cisco Firepower detection
Hikvision Device
IBM MQ
Insecure Atlassian Confluence Servers policy updated to identify versions before 7.4.10 and from 7.5.0 to 7.12.5
Insecure ISC BIND 9—identifies BIND 9 servers vulnerable to CVE-2021-25219
Insecure Microsoft Exchange Server Policy Update—This policy now identifies insecure versions of Microsoft Exchange 2019 prior to Cumulative Update (CU) 10, Exchange 2016 prior to CU21, and Exchange 2013 prior to CU23. This policy also identifies all End-of-Life (EOL) versions of Microsoft Exchange
Insecure OpenSSH
Insecure Node.js policy updated to identify versions 12.0.0-12.22.4, 14.0.0-14.17.4, and 16.0.0-16.6.1
Insecure PHP
ISC BIND 9
Long Validity Certificate policy was updated
Microsoft Azure CycleCloud
Roundcube Webmail
Spiceworks
Symantec Messaging Gateway
VMware Workspace ONE UEM
Wordpress Server policy updated to add the version extractor
Refer to the Cortex Xpanse User Guideor Cortex Xpanse Assess User Guide for more information about policies.