Loading...
Security Resources

Software Updates

Database Security

Database Security Knowledgebase Update 6.27

access_timeJanuary 24, 2023
share

Trustwave Database Security Knowledgebase (ShatterKB) 6.27 is now available. It introduces new checks for PostgreSQL, IBM DB2 LUW, Microsoft SQL Server, Oracle and MySQL.

New Checks - IBM DB2 LUW

Multiple vulnerabilities may lead to denial of service or arbitrary code execution (CVE-2022-43680)
Description: Check the database version to determine if the patch for CVE-2022-43680 is missing.
Risk: High

Multiple vulnerabilities may lead to DoS or arbitrary code execution (CVE-2022-40674)
Description: Check the database version to determine if the patch for CVE-2022-40674 is missing.
Risk: High

New Checks - Microsoft SQL Server

Latest release not applied (Amazon RDS)
Description: Check the database version to determine if the latest release has been applied.
Risk: High

New Checks - MySQL

Critical Patch Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2023.
Risk: High

Latest release not applied (Amazon RDS)
Description: Check the database version to determine if the latest release has been applied.
Risk: High

Critical Patch Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2023.
Risk: High

New Checks - Oracle

Oracle Critical Patch Update/Patch Set Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - January 2023.

IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
Risk: High

Maximum password lifetime restrictions
Description: In this case, effective limit equals the values of PASSWORD_GRACE_TIME & PASSWORD_LIFE_TIME. The default for the check parameter 'Maximum Effective Limit' equals 60.

Verify if the 'Maximum Effective Limit' is under the threshold of 60 days.
Risk: High

Oracle Critical Patch Update/Patch Set Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - January 2023.

IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
Risk: High

New Checks - PostgreSQL

Latest release not applied (Amazon RDS)
Description: Check the database version to determine if the latest release has been applied.
Risk: High

New Policies

DISA-STIG Oracle 12c V2R5 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Oracle 12c Checklist Security Technical Implementation Guide V2R5"

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • Download SHATTER Knowledgebase from the Trustwave Support Portal.
  • AppDetectivePRO customers can use the Updater within the product as well