An upgrade/migration plan should be developed to address an unsupported DBMS software version.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4758 | DG0002-ORACLE10 | SV-24340r1_rule | VIVM-1 | Medium |
| Description |
|---|
| Unsupported software versions are not patched by vendors to address newly discovered security versions. An unpatched version is vulnerable to attack. Developing and implementing an upgrade plan prior to a lapse in support helps to protect against published vulnerabilities. |
| STIG | Date |
|---|---|
| Oracle 10 Database Installation STIG | 2014-01-14 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-16158r1_fix) |
|---|
| Develop, document and implement an upgrade/migration plan for obsolete or expiring Oracle versions. Use the table above as a guideline for Oracle version support. The cost of the version upgrade should be budgeted including any additional testing and development required supporting the version upgrade. A plan for testing the version upgrade should also be scheduled. Any other steps for the version upgrade should be included in the plan and the plan for the version upgrade should be scheduled for completion prior to expiration of the current Oracle database server product. |