Software Updates

Database Security Knowledgebase Update 6.26 | Trustwave

Written by | Dec 7, 2022 5:38:00 PM

Trustwave Database Security Knowledgebase (ShatterKB) 6.26 is now available.It introduces new checks for MariaDB and MongoDB.

New Checks - MariaDB

Vulnerability in MariaDB Server - CVE-2022-21595

Description: Check the database version to determine if the patch for CVE-2022-21595 is missing.
Risk: Medium

New Checks - MongoDB

Ensure collections have validators set

Description: Verify that database collections have schema validation enabled and set.
Risk: Low

New Policies

  • DISA-STIG MongoDB EA 4.x V1R1 - Audit (Built-In)
    This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V1R1"
  • DISA-STIG PostgreSQL EDB V2R2 - Audit (Built-In)
    This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "PostgreSQL EDB Advanced Server Security Technical Implementation Guide V2R2"
  • DISA-STIG Crunchy Data PostgreSQL V2R1 (Built-In)
    This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Crunchy Data PostgreSQL Security Technical Implementation Guide V2R1"
  • DISA-STIG PostgreSQL 9.x V2R3 - Audit (Built-In)
    This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "PostgreSQL 9.x Security Technical Implementation Guide V2R3"

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • Download SHATTER Knowledgebase from the Trustwave Support Portal. (https://www.trustwave.com/en-us/company/contact/ and select AppDetectivePRO or DbProtect)
  • AppDetectivePRO customers can use the Updater within the product as well