Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Database Security Knowledgebase Update 5.12

March 15, 2017

Lolita Chandra

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.12 includes new and updated checks for Oracle and Sybase ASE.

New Vulnerability and Configuration Check Highlights

Oracle

SQL Injection in CDBView package

o Database Activity Monitoring - Monitor for attacks using sys.CDBView.create_cdbview SQL Injection.

o Risk: Auditing

o Relevant CVEs:N/A

Updated Checks

Sybase ASE

Check for Sybase ASE 16.0 SP02 PL05 HF1

o Vulnerability Assessment - Latest patch not applied

o Risk: High

o Relevant CVEs:N/A

Check for Sybase ASE 16.0 SP02 PL05 HF1

o Vulnerability Assessment - Patch not applied on time

o Risk: High

o Relevant CVEs:N/A

New Policies

DISA-STIG SQL Server 2014 V1R3 - Audit (Built-In)
DISA-STIG SQL Server 2012 V1R13 - Audit (Built-In)

Availability

Available to allAppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost
AppDetectivePRO customers can use the Updater within the product as well

Related SpiderLabs Blogs

ChatGPT: The Right Tool for the Job?

SpiderLabs Blog

OneNote Spear-Phishing Campaign

SpiderLabs Blog

A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 1

SpiderLabs Blog

Blogs & Stories

SpiderLabs Blog

Database Security Knowledgebase Update 5.12

Related SpiderLabs Blogs

ChatGPT: The Right Tool for the Job?

OneNote Spear-Phishing Campaign

A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 1

Stay Informed

Help Us Stop the Robot Uprising

Thank You

Thank You