Loading...
Security Resources

Software Updates

Database Security Knowledgebase Update 5.56

Trustwave Database Security Knowledgebase version 5.56 includes new checks for MongoDB, SAP ASE, MySQL, and new policies for new releases of DISA-STIG and CIS.

New Vulnerability and Configuration Check Highlights

SAP ASE

  • SAP Adaptive Server Enterprise multiple vulnerabilities (security notes 2915585, 2916927, 2917022, 2917090, 2917273, 2917275)
    • Risk: High
    • Read more details about these vulnerabilities on the SpiderLabs Blog.

MongoDB

  • Ensure Encryption of data at rest
    • Risk: High

MySQL

  • log_error_suppression_list system variable value
    • Risk: Informational

Updated Checks

SAP ASE

  • Latest patch not applied
    • Risk: High
  • Patch not applied on time
    • Risk: High 

New Policies

  • CIS v1.0.0 for SQL Server 2019 - Audit (Built in)
  • CIS v3.0.0 for Oracle 12c - Audit (Built-In)
  • DISA-STIG Oracle 12c V1R17 - Audit (Built-in)
  • DISA-STIG PostgreSQL 9.x V1R7 - Audit (Built-In)
  • DISA-STIG PostgreSQL EDB V1R7 - Audit (Built-In)
  • DISA-STIG SQL Server 2014 V1R6-10-Audit (Built-in)
  • DISA-STIG SQL Server 2016 V1R5-9 Audit (Built-In)

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • Download SHATTER Knowledgebase from the Trustwave Support Portal. (https: //www.trustwave.com/Company/Support/and select AppDetectivePRO or DbProtect)
  • AppDetectivePRO customers can use the Updater within the product as well