Trustwave Database Security Knowledgebase (ShatterKB) 6.11 is now available. It introduces new checks for Elasticsearch and PostgreSQL and new policies for CIS and DISA-STIG.
New Vulnerability and Configuration Check Highlights
Elasticsearch
-- No patches available for version
Check the version to determine if the database is a supported version that will be patched when security vulnerabilities are discovered.
Risk: High
-- Vulnerability in Elasticsearch Server - CVE-2021-22147
Check the database version to determine if the patch for CVE-2021-22147 is missing.
Risk: Medium
PostgreSQL
-- Vulnerability in PostgreSQL core server - CVE-2021-3677
Check the database version to determine if the patch for CVE-2021-3677 is missing.
Risk: Medium
New Policies
-- CIS v1.2.0 for SQL Server 2019 - Audit (Built-In)
This policy has been created with the guidance of the security configuration benchmarks by the Center for Internet Security.
-- DISA-STIG SQL Server 2014 Y21M07 Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guides "SQL Server 2014 Database STIG - V1R6" and "SQL Server 2014 Instance STIG - V2R1".
-- DISA-STIG SQL Server 2016 Y21M07 Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guides "SQL Server 2016 Database STIG - V2R1" and "SQL Server 2016 Instance STIG - V2R4".
-- DISA-STIG PostgreSQL 9.x V2R2 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "PostgreSQL 9.x Security Technical Implementation Guide V2R2".
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- AppDetectivePRO customers can also use the Updater within the product.