Software Updates

Database Security Knowledgebase Update 6.31 | Trustwave

Written by | Jun 7, 2023 4:38:00 PM

New Checks - Microsoft SQL Server

  • Microsoft SQL Server component vulnerabilities - CVE-2015-6420, CVE-2017-15708
    Description    : Check the database version to determine if the patch for CVE-2015-6420, CVE-2017-15708 are missing.
            Risk    : High

New Checks - Microsoft Azure SQL Database

  • Database permissions assigned to database principals
    Description    : List of database permissions assigned to database principals.
            Risk    : Low

  • Standard SQL Server authentication allowed
    Description    : Check if the authentication mode has been configured to allow standard SQL Server authentication.
            Risk    : Low

  • Server level permissions assigned to principals
    Description    : List of server level permissions assigned to principals.
            Risk    : Low

  • System Table Permissions
    Description    : Lists accounts and permissions granted to System Tables or System Views.
            Risk    : Informational

New Checks - MySQL

  • Critical Patch Update - April 2023
    Description    : Check version to determine if the database contains vulnerabilities described by Critical Patch Update - April 2023.
            Risk    : High

  • Critical Patch Update - April 2023
    Description    : Check version to determine if the database contains vulnerabilities described by Critical Patch Update - April 2023.
            Risk    : High

New Checks - Oracle

  • Oracle Critical Patch Update/Patch Set Update - April 2023
    Description    : Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - April 2023.


    IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
            Risk    : Medium

  • Oracle Critical Patch Update/Patch Set Update - April 2023
    Description    : Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - April 2023.


    IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
            Risk    : Medium

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • Download SHATTER Knowledgebase from the Trustwave Support Portal. (https://www.trustwave.com/Company/Support/ and select AppDetectivePRO or DbProtect)
  • AppDetectivePRO customers can use the Updater within the product as well
View full post