6.7.1 Ensure Custom Java Privileges Are Revoked From Unauthorized 'GRANTEE'

Information

Oracle supports Java embedded in the database. This embedded Java has its own privileges, which are maintained in separate privilege tables.

Unauthorized users with certain Java privileges can perform actions at the operating system level that bypass normal security controls, potentially leading to data breaches, tampering, or destruction.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To remediate this recommendation, execute the following PL/SQL block, replacing <number> with the SEQ number of the permission to revoke.

BEGIN
  -- A permission must be disabled before it can be deleted.
  DBMS_JAVA.disable_permission(<number>);
  DBMS_JAVA.delete_permission(<number>);
END;
/

Note: Custom Java privileges can be revoked by their SEQ (sequence) number.
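
One way to look up the SEQ values and apply the two calls above to each of them, as an added example that is not part of the CIS benchmark or the Tenable audit. It assumes the permissions are read from Oracle's DBA_JAVA_POLICY dictionary view; the grantee names APP_LEGACY and REPORT_USER and the excluded grantees in the review query are hypothetical placeholders for local policy.

```sql
-- Step 1 (read-only): list Java permissions for review.
-- The excluded grantees are an assumed allow-list; set it per site policy.
SELECT seq, kind, grantee, type_name, name, action, enabled
  FROM dba_java_policy
 WHERE grantee NOT IN ('SYS', 'JAVASYSPRIV', 'JAVAUSERPRIV')
 ORDER BY grantee, seq;

-- Step 2: revoke every permission held by the grantees that the review
-- found to be unauthorized (hypothetical names below).
-- Run as a user allowed to administer the Java policy table.
SET SERVEROUTPUT ON
DECLARE
  TYPE seq_list IS TABLE OF dba_java_policy.seq%TYPE;
  seqs seq_list;
BEGIN
  -- Collect the SEQ values first so the loop does not read the view
  -- while its rows are being deleted.
  SELECT seq
    BULK COLLECT INTO seqs
    FROM dba_java_policy
   WHERE grantee IN ('APP_LEGACY', 'REPORT_USER')
   ORDER BY seq;

  FOR i IN 1 .. seqs.COUNT LOOP
    -- Same order as the remediation block: disable, then delete.
    DBMS_JAVA.disable_permission(seqs(i));
    DBMS_JAVA.delete_permission(seqs(i));
    DBMS_OUTPUT.put_line('Revoked Java permission SEQ ' || seqs(i));
  END LOOP;

  DBMS_OUTPUT.put_line(seqs.COUNT || ' permission(s) revoked');
END;
/

-- Step 3: verify that nothing remains for those grantees.
SELECT COUNT(*) AS remaining
  FROM dba_java_policy
 WHERE grantee IN ('APP_LEGACY', 'REPORT_USER');
```

Keep the output of step 1 with the change record so the revoked permissions can be re-granted if an application turns out to depend on one.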

See Also

https://workbench.cisecurity.org/benchmarks/23897

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: OracleDB

Control ID: 881a1780bc372db41b2745b8ec61928cbe7f025641af0c552c72bb0cbbc3ce37