This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.
Knowledgebase version 4.46 includes new checks for vulnerabilities and configuration issues in MySQL and Oracle data stores.
New Vulnerability and Configuration Check Highlights
MySQL
- Critical Patch Update - January 2015
- Check the version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2015
- Relevant CVEs: CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0385, CVE-2015-0391, CVE-2015-0409, CVE-2015-0411, CVE-2015-0432
- Risk: High
- Load Data Local not disabled
- Verify whether Load Data Local is disabled.
- Risk: Medium
Oracle
- Critical Patch Update/Patch Set Update - January 2015
- Check the version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2015
- Relevant CVEs: CVE-2014-6514, CVE-2014-6541, CVE-2014-6567, CVE-2014-6577, CVE-2014-6578, CVE-2015-0370, CVE-2015-0371, CVE-2015-0373
- Risk: High
- Access to PKI authentication private key
- Check the value of the WALLET_LOCATION parameter to identify the location of wallets.
- Risk: Informational
How to Update?
All AppDetectivePRO and DbProtect customers can download the latest Knowledgebase Update 4.46 by visiting the Trustwave support portal at https://trustwave.com/Company/Support and selecting either the AppDetectivePRO or DbProtect product.
AppDetectivePRO customers can also update their deployment by launching the "Updater" within the product.