Professional Documents
Culture Documents
ADC Updates January 31 2024
ADC Updates January 31 2024
==================================
Assessment Name: CVE-2023-50308: IBM Db2 under certain circumstances could allow an
authenticated user to the database to cause a denial of service when a statement is
run on columnar tables.
Affected Databases: DB2
Change Details: New CVE assessment test for DB2 Known Vulnerabilities
Assessment Name: Ensure Base Backups are Configured and Functional (PostgreSQL 15)
Affected Databases: PostgreSQL
Change Details: Added a new test for assessment policy CIS - Security Configuration
Benchmark (For PostgreSQL 15)
Predicates:
a. Part: Header
Match Operation: "MatchRegExp"
Name: "Side"
Value: "upload|download"
b. Part: Parameter
Match Operation: "Include"
Name: "remoting"
Value: "false"
c. Part: Header
Match Operation: "MatchRegExp"
Name: "Session"
Value: "."
d. Part: URL
Match Operation: "Include"
Value: "/cli"
Assessment Name: Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Aurora
PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detecting OS system parameters was modified to catch any
variations.
Assessment Name: Ensure the Correct Messages Are Written to the Server Log (Aurora
PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detecting OS system parameters was modified to catch any
variations.
Assessment Name: Ensure the Correct SQL Statements Generating Errors are Recorded
(Aurora PostgreSQL)
Affected Databases: PostgreSQL
Change Details: Detecting OS system parameters was modified to catch any
variations.
Assessment Name: Check permissions for files related to server SSL configuration
Affected Databases: HDFS
Change Details: Added additional security checks for file permission to scripts
Assessment Name: Check permissions for files related to client SSL configuration
Affected Databases: HDFS
Change Details: Added additional security checks for file permission to scripts
Assessment Name: Ownership and Permissions for Impala Audit Log Files
Affected Databases: Impala
Change Details: Added additional security checks for file permission to scripts