Database Security Knowledgebase Update 5.12

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.12 includes new and updated checks for Oracle and Sybase ASE.

New Vulnerability and Configuration Check Highlights

Oracle

  • SQL Injection in CDBView package

      o Database Activity Monitoring - Monitor for attacks using sys.CDBView.create_cdbview SQL Injection.

      o Risk: Auditing

      o Relevant CVEs: N/A

Updated Checks

Sybase ASE

  • Check for Sybase ASE 16.0 SP02 PL05 HF1

      o Vulnerability Assessment - Latest patch not applied

      o Risk: High

      o Relevant CVEs: N/A

  • Check for Sybase ASE 16.0 SP02 PL05 HF1

      o Vulnerability Assessment - Patch not applied on time

      o Risk: High

      o Relevant CVEs: N/A

New Policies

  • DISA-STIG SQL Server 2014 V1R3 - Audit (Built-In)
  • DISA-STIG SQL Server 2012 V1R13 - Audit (Built-In)

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost
  • Download SHATTER Knowledgebase from the Trustwave Support Portal (https://www.trustwave.com/Company/Support/ and select AppDetectivePRO or DbProtect)
  • AppDetectivePRO customers can use the Updater within the product as well