Database Security Knowledgebase Update 5.60

Trustwave Database Security Knowledgebase version 5.60 includes new checks for IBM Db2 and SAP ASE and updated checks for MongoDB, PostgreSQL, and Teradata.

It also introduces a new policy (Federal Tax Information) to help organizations required to comply with security safeguards outlined in IRS Publication 1075.

New Vulnerability and Configuration Check Highlights

IBM Db2

• Information disclosure and denial of service vulnerability via shared memory (CVE-2020-4414)
• Risk: High
• Read more about CVE-2020-4414 discovered by SpiderLabs

SAP ASE

• Sensitive information disclosure via the ASE_Suite.log file
• Risk: High
• Read more about CVE-2020-6295 and CVE-2020-6317 discovered by SpiderLabs

Updated Checks

MongoDB

• Latest patch not applied
  • Risk: High
• Patch release not applied on time
  • Risk: High

PostgreSQL

• Latest patch not applied
  • Risk: High

• Patch release not applied on time
  • Risk: High

Teradata

• Latest patch not applied
  • Risk: High

Availability

• Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
• AppDetectivePRO customers can use the Updater within the product as well