When updates are applied to the DBMS software, any software components that have been replaced or made unnecessary must be removed.

From Database Security Requirements Guide

Associated with: CCI-002617

SV-72605r1_rule When updates are applied to the DBMS software, any software components that have been replaced or made unnecessary must be removed.

Vulnerability discussion

Previous versions of DBMS components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some DBMSs' installation tools may remove older versions of software automatically from the information system. In other cases, manual review and removal will be required. In planning installations and upgrades, organizations must include steps (automated, manual, or both) to identify and remove the outdated modules.A transition period may be necessary when both the old and the new software are required. This should be taken into account in the planning.

Check content

If software components that have been replaced or made unnecessary are not removed, this is a finding.

Fix text

Identify and remove software components that have been replaced or made unnecessary.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.