STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

When invalid inputs are received, DB2 must behave in a predictable and documented manner that reflects organizational and system objectives.

DISA Rule

SV-89283r1_rule

Vulnerability Number

V-74609

Group Title

SRG-APP-000447-DB-000393

Rule Version

DB2X-00-009300

Severity

CAT II

CCI(s)

• CCI-002754 - The information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

Weight

10

Fix Recommendation

Revise and deploy the source code for database program objects (stored procedures, functions, triggers) and application source code, to implement the documented behavior.

Check Contents

Review system documentation to determine how input errors are to be handled in general and if any special handling is defined for specific circumstances.

Review the source code for database program objects (stored procedures, functions, triggers) and application source code to identify how the system responds to invalid input.

If it does not implement the documented behavior, this is a finding.

Vulnerability Number

V-74609

Documentable

False

Rule Version

DB2X-00-009300

Severity Override Guidance

Review system documentation to determine how input errors are to be handled in general and if any special handling is defined for specific circumstances.

Review the source code for database program objects (stored procedures, functions, triggers) and application source code to identify how the system responds to invalid input.

If it does not implement the documented behavior, this is a finding.

Check Content Reference

M

Target Key

3161

Comments