STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Application role permissions must not be assigned to the Oracle PUBLIC role.

DISA Rule

SV-219711r401224_rule

Vulnerability Number

V-219711

Group Title

SRG-APP-000516-DB-000363

Rule Version

O112-BP-022800

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Revoke role grants from PUBLIC.

Do not assign role privileges to PUBLIC.

From SQL*Plus:

revoke [role name] from PUBLIC;

Check Contents

From SQL*Plus:

select granted_role from dba_role_privs where grantee = 'PUBLIC';

If any roles are listed, this is a Finding.

Vulnerability Number

V-219711

Documentable

False

Rule Version

O112-BP-022800

Severity Override Guidance

From SQL*Plus:

select granted_role from dba_role_privs where grantee = 'PUBLIC';

If any roles are listed, this is a Finding.

Check Content Reference

M

Target Key

4057

Comments