STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

DB2 must reveal detailed error messages only to the ISSO, ISSM, SA and DBA.

DISA Rule

SV-89191r1_rule

Vulnerability Number

V-74517

Group Title

SRG-APP-000267-DB-000163

Rule Version

DB2X-00-006300

Severity

CAT II

CCI(s)

CCI-001314 - The information system reveals error messages only to organization-defined personnel or roles.

Weight

Fix Recommendation

Configure DB2 settings, custom database code, and associated application code not to display detailed error messages to those not authorized to view them.

Check Contents

Check DB2 settings and custom database code to determine if detailed error messages are ever displayed to unauthorized individuals.

If detailed error messages are displayed to individuals not authorized to view them, this is a finding.

Vulnerability Number

V-74517

Documentable

False

Rule Version

DB2X-00-006300

Severity Override Guidance

Check Content Reference

Target Key

3161

DB2 must reveal detailed error messages only to the ISSO, ISSM, SA and DBA.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments