Trustwave Database Security Knowledgebase version 5.56 includes new checks for MongoDB, SAP ASE, MySQL, and new policies for new releases of DISA-STIG and CIS.
New Vulnerability and Configuration Check Highlights
SAP ASE
- SAP Adaptive Server Enterprise multiple vulnerabilities (security notes 2915585, 2916927, 2917022, 2917090, 2917273, 2917275)
- Risk: High
- Read more details about these vulnerabilities on the SpiderLabs Blog.
MongoDB
- Ensure Encryption of data at rest
MySQL
- log_error_suppression_list system variable value
Updated Checks
SAP ASE
- Patch not applied on time
New Policies
- CIS v1.0.0 for SQL Server 2019 - Audit (Built in)
- CIS v3.0.0 for Oracle 12c - Audit (Built-In)
- DISA-STIG Oracle 12c V1R17 - Audit (Built-in)
- DISA-STIG PostgreSQL 9.x V1R7 - Audit (Built-In)
- DISA-STIG PostgreSQL EDB V1R7 - Audit (Built-In)
- DISA-STIG SQL Server 2014 V1R6-10-Audit (Built-in)
- DISA-STIG SQL Server 2016 V1R5-9 Audit (Built-In)
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- AppDetectivePRO customers can use the Updater within the product as well