Trustwave Database Security Knowledgebase (ShatterKB) 6.27 is now available. It introduces new checks for PostgreSQL, IBM DB2 LUW, Microsoft SQL Server, Oracle and MySQL.
New Checks - IBM DB2 LUW
Multiple vulnerabilities may lead to denial of service or arbitrary code execution (CVE-2022-43680)
Description: Check the database version to determine if the patch for CVE-2022-43680 is missing.
Risk: High
Multiple vulnerabilities may lead to DoS or arbitrary code execution (CVE-2022-40674)
Description: Check the database version to determine if the patch for CVE-2022-40674 is missing.
Risk: High
New Checks - Microsoft SQL Server
Latest release not applied (Amazon RDS)
Description: Check the database version to determine if the latest release has been applied.
Risk: High
New Checks - MySQL
Critical Patch Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2023.
Risk: High
Latest release not applied (Amazon RDS)
Description: Check the database version to determine if the latest release has been applied.
Risk: High
New Checks - Oracle
Oracle Critical Patch Update/Patch Set Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - January 2023.
IMPORTANT! This check is designed to verify whether a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate that it cannot detect whether the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
Risk: High
Maximum password lifetime restrictions
Description: The effective password lifetime equals the sum of PASSWORD_GRACE_TIME and PASSWORD_LIFE_TIME. The default for the check parameter 'Maximum Effective Limit' is 60.
Verify that the effective limit for each profile is under the threshold of 60 days.
Risk: High
New Checks - PostgreSQL
Latest release not applied (Amazon RDS)
Description: Check the database version to determine if the latest release has been applied.
Risk: High
New Policies
DISA-STIG Oracle 12c V2R5 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide "Oracle 12c Checklist Security Technical Implementation Guide V2R5".
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- Download SHATTER Knowledgebase from the Trustwave Support Portal.
- AppDetectivePRO customers can also use the Updater within the product.