Trustwave Database Security Knowledgebase (ShatterKB) 6.08 is now available. It introduces new checks for IBM Db2 LUW, MongoDB, and updated checks for Teradata. It also brings updates to compliance policies and new for CIS and DISA STIG.
New Vulnerability and Configuration Check Highlights
IBM Db2 LUW
IBM Db2 missing patches (APAR IT32121, APAR IT32122)
Check the Db2 version to determine if the patch for APAR IT32121 or APAR IT32122 is missing.
Vulnerability in MongoDB Server - CVE-2021-20326
Check version to determine if the database contains vulnerability described by CVE-2021-20326.
Latest patch not applied
CIS v1.0.0 for Oracle 19c - Audit (Built-in)
This policy has been created with guidance of the security configuration benchmarks for Oracle 19c by the Center for Internet Security.
DISA-STIG Oracle 11.2g V2R1 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Oracle 11.2g Checklist Security Technical Implementation Guide V2R1"
DISA-STIG Oracle 12c V2R1 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Oracle 12c Checklist Security Technical Implementation Guide V2R1"
DISA-STIG SQL Server 2016 V2R1-3 Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guides "Microsoft SQL Server 2016 Security Technical Implementation Guide Version 2 Database Release 1 and Instance Release 3".
- Full list of policy updates is available in the readme file located in the support portal
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- Download SHATTER Knowledgebase from the Trustwave Support Portal. (https: //www.trustwave.com/Company/Support/and select AppDetectivePRO or DbProtect)
- AppDetectivePRO customers can use the Updater within the product as well