Trustwave Database Security Knowledgebase (ShatterKB) 6.28 is now available. It introduces new checks for Microsoft SQL Server and PostgreSQL.
New Checks - Microsoft SQL Server
- Microsoft SQL Server - CVE-2023-21713, CVE-2023-21704, CVE-2023-21705, CVE-2023-21718, CVE-2023-21528, CVE-2022-41064
- Description: Check the database version to determine if the patch for CVE-2023-21713, CVE-2023-21704, CVE-2023-21705, CVE-2023-21718, CVE-2023-21528, CVE-2022-41064 is missing.
- Risk: High
New Checks - PostgreSQL
- Vulnerability in PostgreSQL client - CVE-2022-41862
- Description: Check the database version to determine if the patch for CVE-2022-41862 is missing.
- Risk: Low
New Policies
- DISA-STIG MariaDB 10.x V1R2 - Audit (Built-In)
This policy was created from the guidelines laid out in the DOD Security Technical Implementation Guide "MariaDB 10.x Security Technical Implementation Guide V1R2".
- DISA-STIG Oracle 12c V2R6 - Audit (Built-In)
This policy was created from the guidelines laid out in the DOD Security Technical Implementation Guide "Oracle 12c Checklist Security Technical Implementation Guide V2R6".
- DISA-STIG MongoDB EA 4.x V1R2 - Audit (Built-In)
This policy was created from the guidelines laid out in the DOD Security Technical Implementation Guide "MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V1R2".
- DISA-STIG SQL Server 2014 Y22M10 Audit (Built-In)
This policy was created from the guidelines laid out in the DOD Security Technical Implementation Guides "SQL Server 2014 Database STIG - V1R6" and "SQL Server 2014 Instance STIG - V2R3".
- DISA-STIG SQL Server 2016 Y22M10 Audit (Built-In)
This policy was created from the guidelines laid out in the DOD Security Technical Implementation Guides "SQL Server 2016 Database STIG - V2R5" and "SQL Server 2016 Instance STIG - V2R8".
- DISA-STIG MySQL 8.0 V1R3 - Audit (Built-In)
This policy was created from the guidelines laid out in the DOD Security Technical Implementation Guide "MySQL 8.0 Security Technical Implementation Guide V1R3".
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- Download the SHATTER Knowledgebase from the Trustwave Support Portal (https://www.trustwave.com/company/support/, then select AppDetectivePRO or DbProtect).
- AppDetectivePRO customers can also use the Updater within the product.