Trustwave Database Security Knowledgebase (ShatterKB) 6.10 is now available. It introduces new checks for Elasticsearch, MongoDB, Oracle, MariaDB, MySQL, and Percona for MySQL. It also adds a new built-in policy for Sensitive Data Discovery.
Elasticsearch
– Patch not applied on time
Check the database version to determine if the patch release has been installed in a timely manner.
Risk: High
– Vulnerabilities in Elasticsearch Server - CVE-2021-22137 and CVE-2021-22135
Check the database version to determine if the patch for CVE-2021-22137 and CVE-2021-22135 are missing.
Risk: Medium
– Vulnerability in Elasticsearch Server - CVE-2020-7020
Check the database version to determine if the patch for CVE-2020-7020 is missing.
Risk: Low
– Vulnerability in Elasticsearch Server - CVE-2020-7021
Check the database version to determine if the patch for CVE-2020-7021 is missing.
Risk: Medium
– Vulnerability in Elasticsearch Server - CVE-2021-22132
Check the database version to determine if the patch for CVE-2021-22132 is missing.
Risk: Medium
– Vulnerability in Elasticsearch Server - CVE-2021-22134
Check the database version to determine if the patch for CVE-2021-22134 is missing.
Risk: Medium
– Vulnerability in Elasticsearch Server - CVE-2021-22144
Check the database version to determine if the patch for CVE-2021-22144 is missing.
Risk: Medium
– Vulnerability in Elasticsearch Server - CVE-2021-22145
Check the database version to determine if the patch for CVE-2021-22145 is missing.
Risk: Medium
MariaDB
– Ensure socket file has write access for mysql user
Verifies that the "mysql.sock" file has write access for "mysql" user.
Risk: Medium
– Ensure users are uniquely identified and authorized if they are from outside the organization
Verify that users are uniquely identified and authorized if they are from outside the organization.
Risk: Medium
Minimum AD/SE version to run: 9.0/3.6to administrative access for auditing.
MongoDB
– Vulnerability in MongoDB Server - CVE-2021-20333
Check the database version to determine if the patch for CVE-2021-20333 is missing.
Risk: Low
MySQL
– Critical Patch Update - July 2021
Check version to determine if the database contains vulnerabilities described by Critical Patch Update - July 2021.
Risk: High
– Ensure socket file has write access for mysql user
Verifies that the "mysql.sock" file has write access for "mysql" user.
Risk: Medium
– Ensure users are uniquely identified and authorized if they are from outside the organization
Verify that users are uniquely identified and authorized if they are from outside the organization.
Risk: Medium
– Network ports and protocols configuration (PPSM)
Reports the values of the parameters responsible for configuring network ports and protocols used by MySQL server.
Risk: Medium
Oracle
– Critical Patch Update/Patch Set Update - July 2021
Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - July 2021.
Risk: High
Percona for MySQL
– Ensure socket file has write access for mysql user
Verifies that the "mysql.sock" file has write access for "mysql" user.
Risk: Medium
– Ensure users are uniquely identified and authorized if they are from outside the organization
Verify that users are uniquely identified and authorized if they are from outside the organization.
Risk: Medium
– Network ports and protocols configuration (PPSM)
Reports the values of the parameters responsible for configuring network ports and protocols used by Percona for MySQL server.
Risk: Medium
– Sensitive Data Discovery
This policy examines for the existence of sensitive data in databases assessing for personally identifiable information (PII) and protected health information (PHI).
– Includes checks for Microsoft SQL Server, Oracle, MySQL, and PostgreSQL.