Trustwave Database Security Knowledgebase version 5.60 includes new checks for IBM Db2 and SAP ASE and updated checks for MongoDB, PostgreSQL, and Teradata.
It also introduces a new policy (Federal Tax Information) to help organizations required to comply with security safeguards outlined in IRS Publication 1075.
New Vulnerability and Configuration Check Highlights
IBM Db2
- Information disclosure and denial of service vulnerability via shared memory (CVE-2020-4414)
- Risk: High
- Read more about CVE-2020-4414 discovered by SpiderLabs
SAP ASE
- Sensitive information disclosure via the ASE_Suite.log file
- Risk: High
- Read more about CVE-2020-6295 and CVE-2020-6317 discovered by SpiderLabs
Updated Checks
MongoDB
- Latest patch not applied
- Risk: High
- Patch release not applied on time
- Risk: High
PostgreSQL
- Latest patch not applied
- Risk: High
- Patch release not applied on time
- Risk: High
Teradata
- Latest patch not applied
- Risk: High
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- Download SHATTER Knowledgebase from the Trustwave Support Portal (https://www.trustwave.com/Company/Support/ and select AppDetectivePRO or DbProtect).
- AppDetectivePRO customers can use the Updater within the product as well.