Loading...
Security Resources

Software Updates

Database Security

Database Security Knowledgebase Update 6.25

access_timeNovember 04, 2022
share

Trustwave Database Security Knowledgebase (ShatterKB) 6.25 is now available. It introduces new checks for Microsoft SQL Server, Oracle and MySQL.

New Checks - Microsoft SQL Server

• Procedures with public permission allow access to registry
Description: Verify if there is a Procedure with public permission that allow access to registry.
Risk: High

• Procedures with public permission allow access to file system
Description: Verify if there are the Procedures with public permission that allow access to registry.
Risk: High

• Procedures with public permission allow access to operating system
Description: Verify if there is a Procedure with public permission that allow access to operating system.
Risk: High

• User CLR assemblies should not be defined in the database
Description: Verify if there are a User CLR assemblies defined in the database.
Risk: High

• Create a baseline of External Key Management Providers
Description: Verifies if the system is using the EKM (External Key Management) providers.

Risk: Medium

• Track all users with access to the database
Description: Verify that the users within the MSSQL server database are authorized.
Risk: Low

• Procedure with public permission allow access to windows groups
Description: Verify if there is a Procedure with public permission that allow access to windows groups.
Risk: Medium

New Checks - MySQL

• Critical Patch Update - October 2022
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - October 2022.
Risk: High

• Critical Patch Update - October 2022
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update - October 2022.
Risk: High

New Checks - Oracle

• Oracle Critical Patch Update/Patch Set Update - October 2022
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - October 2022.

IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
Risk: High

• Oracle Critical Patch Update/Patch Set Update - October 2022
Description: Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - October 2022.

IMPORTANT! This check is designed to verify if a specific CPU/PSU is needed and installed. If you do not have adequate privileges on the database or operating system, the check may indicate it can not detect if the CPU/PSU is installed. In this case, ensure you have adequate permissions and re-run the check.
Risk: High

Availability

• Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
• Download SHATTER Knowledgebase from the Trustwave Support Portal. (https://www.trustwave.com/en-us/company/support/ and select AppDetectivePRO or DbProtect)
• AppDetectivePRO customers can use the Updater within the product as well