Database Security Knowledgebase Update 6.25

Written by | Nov 4, 2022 2:00:00 PM

Trustwave Database Security Knowledgebase (ShatterKB) 6.25 is now available. It introduces new checks for Microsoft SQL Server, Oracle and MySQL.

 

New Checks - Microsoft SQL Server

  • Procedures with public permission allow access to registry
    • Description: Verify whether any procedure with public permission allows access to the registry.
    • Risk: High
  • Procedures with public permission allow access to file system
    • Description: Verify whether any procedures with public permission allow access to the registry.
    • Risk: High
  • Procedures with public permission allow access to operating system
    • Description: Verify whether any procedure with public permission allows access to the operating system.
    • Risk: High
  • User CLR assemblies should not be defined in the database
    • Description: Verify whether any user CLR assemblies are defined in the database.
    • Risk: High
  • Create a baseline of External Key Management Providers
    • Description: Verify whether the system is using EKM (External Key Management) providers.
    • Risk: Medium
  • Track all users with access to the database
    • Description: Verify that the users within the MSSQL server database are authorized.
    • Risk: Low
  • Procedures with public permission allow access to Windows groups
    • Description: Verify whether any procedure with public permission allows access to Windows groups.
    • Risk: Medium

 

New Checks - MySQL

  • Critical Patch Update - October 2022
    • Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - October 2022.
    • Risk: High
  • Critical Patch Update - October 2022
    • Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - October 2022.
    • Risk: High

 

New Checks - Oracle

  • Oracle Critical Patch Update/Patch Set Update - October 2022
    • Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - October 2022.
    • IMPORTANT! This check is designed to verify whether a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate that it cannot detect whether the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
    • Risk: High
  • Oracle Critical Patch Update/Patch Set Update - October 2022
    • Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - October 2022.
    • IMPORTANT! This check is designed to verify whether a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate that it cannot detect whether the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
    • Risk: High

 

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • Download the SHATTER Knowledgebase from the Trustwave Support Portal (go to https://www.trustwave.com/en-us/company/support/ and select AppDetectivePRO or DbProtect).
  • AppDetectivePRO customers can also use the Updater within the product.