Loading...
Security Resources

Software Updates

Database Security Knowledgebase Update 6.24

Trustwave Database Security Knowledgebase (ShatterKB) 6.24 is now available. It introduces new checks for IBM DB2 LUW, Microsoft SQL Server, Oracle and MongoDB.

New Checks - IBM DB2 LUW

IBM Db2 is vulnerable to an information disclosure caused by improper privilege management (CVE-2022-22483)
Description: Check the database version to determine if the patch for CVE-2022-22483 is missing.
Risk: Medium

IBM Db2 is vulnerable to a denial of service (CVE-2022-35637)
Description: Check the database version to determine if the patch for CVE-2022-35637 is missing.
Risk: Medium

New Checks - Microsoft SQL Server

Auditing of successful and failed login attempts for contained DB authentication
Description: Verify that auditing is enabled for both successful and failed login attempts for contained DB authentication
Risk: Medium

New Checks - MongoDB

Ensure that the auditLog destination value is set to syslog
Description: Verify that the MongoDB config option auditLog.destination is set to the value 'syslog'.
Risk: Low

New Checks - Oracle

Use Oracle TDE for At-Rest Data Encryption
Description: Verify that database objects are encrypted on a column, table, and tablespace level.
Risk: Medium

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • Download SHATTER Knowledgebase from the Trustwave Support Portal. 
  • AppDetectivePRO customers can use the Updater within the product as well