STIGQter STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Oracle database products must be a version supported by the vendor.

DISA Rule

SV-237748r667280_rule

Vulnerability Number

V-237748

Group Title

SRG-APP-000456-DB-000400

Rule Version

O121-BP-024750

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove or decommission or all unsupported software products.

Upgrade unsupported DBMS or unsupported components to a supported version of the product.

Oracle recommends the following upgrade options:

For product longevity and patching, Oracle strongly recommends upgrading to19c which is the Long Term Release with a support end date of April 30, 2027 (or April 30, 2024 if you choose not to pay Extended Support fees or purchase a ULA).
If you are currently running 12.1.x you will need to upgrade to the terminal release (12.1.0.2) for the DB Release you are running and then continue the upgrade process by upgrading to the 19c.
If you are currently running 12.2.0.1 or 18c, you should upgrade to 19c before the error correction grace periods for 12.2.0.1 and 18c expire.

Check Contents

Review the system documentation and interview the database administrator.

Identify all database software components.

Review the version and release information.
From SQL*Plus:

Select version from v$instance;

Access the vendor website or use other means to verify the version is still supported.
Oracle Release schedule:
https://support.oracle.com/knowledge/Oracle%20Database%20Products/742060_1.html

If the Oracle version or any of the software components are not supported by the vendor, this is a finding.

Vulnerability Number

V-237748

Documentable

False

Rule Version

O121-BP-024750

Severity Override Guidance

Review the system documentation and interview the database administrator.

Identify all database software components.

Review the version and release information.
From SQL*Plus:

Select version from v$instance;

Access the vendor website or use other means to verify the version is still supported.
Oracle Release schedule:
https://support.oracle.com/knowledge/Oracle%20Database%20Products/742060_1.html

If the Oracle version or any of the software components are not supported by the vendor, this is a finding.

Check Content Reference

M

Target Key

4059

Comments