Security Resources

Software Updates

AppDetectivePRO and DbProtect Knowledgebase Update 4.56

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

Knowledgebase version 4.56 includes new check for MS Azure SQL, new policy for Oracle, and updated checks for Oracle, MS SQL, and SAP (Sybase) Adaptive Server Enterprise (ASE) version 15.7.

New Vulnerability and Configuration Check Highlights

MS AZURE SQL DATABASE

  • Application roles found
    • Lists all application roles found
    • Risk: Informational
    • Relevant CVEs: N/A

New Policies

DISA-STIG Oracle 11gR2 V1R5 – Audit (Built-In)

  • This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guides "Oracle Database 11.2g Security Technical Implementation Guide Version 1 Release 5".
  • AppDetectivePRO users should use the DISA STIG NEW! Policy as the new policies are part of the super set of DISA STG policies.

Updated Checks

MS SQL Server

  • Latest service pack/hot fix not applied
    • Updated to check for Microsoft SQL Server 2012 Service Pack 3.
    • Risk: High
    • Relevant CVEs: N/A
  • Service pack not applied on time
    • Updated to check for Microsoft SQL Server 2012 Service Pack 3
    • Risk: High
    • CVEs: N/A

SAP (Sybase) ASE

  • Latest patch not applied
    • Check for Sybase ASE 15.7 SP64 and SP136
    • Risk: High
    • Relevant CVEs: N/A
  • Patch not applied on time
    • Check for Sybase ASE 15.7 SP64 and SP136
    • Risk: High
    • Relevant CVEs: N/A

.

How to Update?

All AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing can download the latest Knowledgebase Update 4.56 by visiting the Trustwave support portal at https://trustwave.com/Company/Support and selecting either the AppDetectivePRO or DbProtect product.

AppDetectivePRO customers can also update their deployment by launching the "Updater" within the product.