Trustwave Database Security Knowledgebase (ShatterKB) 6.25 is now available. It introduces new checks for Microsoft SQL Server, Oracle and MySQL.
New Checks - Microsoft SQL Server
• Procedures with public permission allow access to registry
Description: Verify whether any procedure with public permission allows access to the registry.
Risk: High
• Procedures with public permission allow access to file system
Description: Verify whether any procedures with public permission allow access to the registry.
Risk: High
• Procedures with public permission allow access to operating system
Description: Verify whether any procedure with public permission allows access to the operating system.
Risk: High
• User CLR assemblies should not be defined in the database
Description: Verify whether any user CLR assemblies are defined in the database.
Risk: High
• Create a baseline of External Key Management Providers
Description: Verify whether the system is using EKM (External Key Management) providers.
Risk: Medium
• Track all users with access to the database
Description: Verify that the users within the MSSQL server database are authorized.
Risk: Low
• Procedure with public permission allow access to windows groups
Description: Verify whether any procedure with public permission allows access to Windows groups.
Risk: Medium
New Checks - MySQL
• Critical Patch Update - October 2022
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - October 2022.
Risk: High
• Critical Patch Update - October 2022
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - October 2022.
Risk: High
New Checks - Oracle
• Oracle Critical Patch Update/Patch Set Update - October 2022
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - October 2022.
IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate that it cannot detect whether the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
Risk: High
• Oracle Critical Patch Update/Patch Set Update - October 2022
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - October 2022.
IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate that it cannot detect whether the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
Risk: High
Availability
• Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
• Download the SHATTER Knowledgebase from the Trustwave Support Portal (https://www.trustwave.com/en-us/company/support/) and select AppDetectivePRO or DbProtect.
• AppDetectivePRO customers can also use the Updater within the product.