Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-61507 | O121-BP-025200 | SV-75997r1_rule | Medium |
Description |
---|
Credentials defined for access to remote databases or applications may provide unauthorized access to additional databases and applications to unauthorized or malicious users. |
STIG | Date |
---|---|
Oracle Database 12c Security Technical Implementation Guide | 2016-12-15 |
Check Text ( C-62379r1_chk ) |
---|
Review the list of defined database links generated from the DBMS. Compare to the list in the System Security Plan with the DBA. If no database links are listed in the database and in the System Security Plan, this check is not a finding. If any database links are defined in the DBMS, verify the authorization for the definition in the System Security Plan. If any database links exist that are not authorized or not listed in the System Security Plan, this is a finding. |
Fix Text (F-67423r1_fix) |
---|
Grant access to database links to authorized users or applications only. Document all database links access authorizations in the System Security Plan. |