Trustwave Database Security Knowledgebase (ShatterKB) 6.08 is now available. It introduces new checks for IBM Db2 LUW, MongoDB, and updated checks for Teradata. It also brings updates to compliance policies and new for CIS and DISA STIG.
New Vulnerability and Configuration Check Highlights
IBM Db2 LUW
IBM Db2 missing patches (APAR IT32121, APAR IT32122)
Check the Db2 version to determine if the patch for APAR IT32121 or APAR IT32122 is missing.
Risk: High
MongoDB
Vulnerability in MongoDB Server - CVE-2021-20326
Check version to determine if the database contains vulnerability described by CVE-2021-20326.
Risk: Medium
Updated Checks
Teradata
Latest patch not applied
Risk: High
New Policies
CIS v1.0.0 for Oracle 19c - Audit (Built-in)
This policy has been created with guidance of the security configuration benchmarks for Oracle 19c by the Center for Internet Security.
DISA-STIG Oracle 11.2g V2R1 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Oracle 11.2g Checklist Security Technical Implementation Guide V2R1"
DISA-STIG Oracle 12c V2R1 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Oracle 12c Checklist Security Technical Implementation Guide V2R1"
DISA-STIG SQL Server 2016 V2R1-3 Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guides "Microsoft SQL Server 2016 Security Technical Implementation Guide Version 2 Database Release 1 and Instance Release 3".
Updated Policies
- Full list of policy updates is available in the readme file located in the support portal
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- AppDetectivePRO customers can use the Updater within the product as well