4.2.12 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'WWV_EXECUTE_IMMEDIATE'

Information

As use of the WWV_EXECUTE_IMMEDIATE package could allow an unauthorized user to run SQL statements as Application Express (APEX) user.

Solution

To remediate this setting execute the following SQL statement. REVOKE EXECUTE ON WWV_EXECUTE_IMMEDIATE FROM PUBLIC;

See Also

https://workbench.cisecurity.org/files/601

Item Details

Audit Name: CIS Oracle Server 11g R2 DB v2.2.0

Plugin: OracleDB

Control ID: 64848fe9fe81a124449afa5bc2f23ff03c64c7ba6c390998694595f7adcb94eb