STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Application role permissions must not be assigned to the Oracle PUBLIC role.

DISA Rule

SV-219839r533058_rule

Vulnerability Number

V-219839

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-BP-022800

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Revoke role grants from PUBLIC.

Do not assign role privileges to PUBLIC.

From SQL*Plus:

revoke [role name] from PUBLIC;

Check Contents

From SQL*Plus:

select granted_role from dba_role_privs where grantee = 'PUBLIC';

If any roles are listed, this is a finding.

Vulnerability Number

V-219839

Documentable

False

Rule Version

O121-BP-022800

Severity Override Guidance

From SQL*Plus:

select granted_role from dba_role_privs where grantee = 'PUBLIC';

If any roles are listed, this is a finding.

Check Content Reference

M

Target Key

4059

Comments