Trustwave Database Security Knowledgebase (ShatterKB) 6.27 is now available. It introduces new checks for PostgreSQL, IBM DB2 LUW, Microsoft SQL Server, Oracle and MySQL.
Multiple vulnerabilities may lead to denial of service or arbitrary code execution (CVE-2022-43680)
Description: Check the database version to determine if the patch for CVE-2022-43680 is missing.
Risk: High
Multiple vulnerabilities may lead to DoS or arbitrary code execution (CVE-2022-40674)
Description: Check the database version to determine if the patch for CVE-2022-40674 is missing.
Risk: High
Latest release not applied (Amazon RDS)
Description: Check the database version to determine if the latest release has been applied.
Risk: High
Critical Patch Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2023.
Risk: High
Latest release not applied (Amazon RDS)
Description: Check the database version to determine if the latest release has been applied.
Risk: High
Critical Patch Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2023.
Risk: High
New Checks - Oracle
Oracle Critical Patch Update/Patch Set Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - January 2023.
IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
Risk: High
Maximum password lifetime restrictions
Description: In this case, effective limit equals the values of PASSWORD_GRACE_TIME & PASSWORD_LIFE_TIME. The default for the check parameter 'Maximum Effective Limit' equals 60.
Verify if the 'Maximum Effective Limit' is under the threshold of 60 days.
Risk: High
Oracle Critical Patch Update/Patch Set Update - January 2023
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - January 2023.
IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
Risk: High
Latest release not applied (Amazon RDS)
Description: Check the database version to determine if the latest release has been applied.
Risk: High
DISA-STIG Oracle 12c V2R5 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Oracle 12c Checklist Security Technical Implementation Guide V2R5"