Software Updates

Database Security Knowledgebase Update 6.38

Written by | Nov 13, 2023 3:40:27 PM

Trustwave Database Security Knowledgebase (ShatterKB) 6.38 is now available. It introduces new checks for Oracle, Cassandra, MySQL and Microsoft Azure SQL Database.

 

New Checks - Cassandra

  • Default cassandra user found
    Description    : Verify if default user 'cassandra' is present in the database.
            Risk    : Medium

  • Cassandra - CVE-2023-30601
    Description    : Check the database version to determine if the patch for CVE-2023-30601 is missing.
            Risk    : High

  • Cassandra - CVE-2016-4970
    Description    : Check the database version to determine if the patch for CVE-2016-4970 is missing.
            Risk    : High

New Checks - Microsoft Azure SQL Database

  • Audit records for successful attempts to modify security objects
    Description    : Check if audit records are generated when security objects are modified
            Risk    : Medium

  • Audit records for successful logons
    Description    : Check if audit records are generated when successful logons or connections occur.
            Risk    : Medium

  • Audit records for unsuccessful attempts to modify security objects
    Description    : Check if audit records are generated when unsuccessful attempts to modify security objects occur
            Risk    : Medium

  • Audit records for unsuccessful granting of privileges
    Description    : Check if audit records are generated when unsuccessful attempts to add privileges/permissions occur.
            Risk    : Medium

  • Audit records for successful logons from different workstations
    Description    : Check if audit records are generated when concurrent logons/connections by the same user from different workstations occur.
            Risk    : Medium

  • Audit records for unsuccessful attempts to modify permissions
    Description    : Check if audit records are generated when unsuccessful attempts to modify privileges/permissions occur.
            Risk: Medium

  • Audit records generates time for user access to the database
    Description    : Check if audit records show the starting and ending time for user access to the database.
            Risk    : Medium

  • Audit records of successful granting of privileges
    Description    : Check if audit records are generated when privileges/permissions are added.
            Risk    : Medium

  • Audit records for successful attempts to modify permissions
    Description    : Check if audit records are generated when privileges/permissions are modified.
            Risk: Medium

  • Audit records for unsuccessful attempts to delete security objects
    Description    : Check if audit records are generated when unsuccessful attempts to delete security objects occur
            Risk    : Medium

  • Audit records for successful attempts to delete security objects
    Description    : Check if audit records are generated when security objects are deleted
            Risk    : Medium

  • Audit records for unsuccessful attempts to delete permissions
    Description    : Check if audit records are generated when unsuccessful attempts to delete privileges/permissions occur.
            Risk    : Medium

  • Audit records for successful attempts to delete permissions
    Description    : Check if audit records are generated when privileges/permissions are deleted.
            Risk    : Medium

  • Audit records for unsuccessful logons
    Description    : Check if audit records are generated when unsuccessful logons or connection attempts occur.
            Risk    : Medium

New Checks - MySQL

  • Critical Patch Update - October 2023
    Description    : Check version to determine if the database contains vulnerabilities described by Critical Patch Update - October 2023.
            Risk    : High

  • Critical Patch Update - October 2023
    Description    : Check version to determine if the database contains vulnerabilities described by Critical Patch Update - October 2023.
            Risk    : High

New Checks - Oracle

  • Oracle Critical Patch Update/Patch Set Update - October 2023
    Description    : Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - October 2023.



    IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
            Risk    : High

  • Oracle Critical Patch Update/Patch Set Update - October 2023
    Description    : Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - October 2023.



    IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
            Risk    : High

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • Download SHATTER Knowledgebase from the Trustwave Support Portal. (https://www.trustwave.com/Company/Support/ and select AppDetectivePRO or DbProtect)
  • AppDetectivePRO customers can use the Updater within the product as well

 
View full post