Security Testing Identified Potential Impact With the Database Used by Oracle Access Manager (OAM)
(Doc ID 2739428.1)
Last updated on SEPTEMBER 11, 2023
Applies to:
Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.
Goal
- Impact of the VAPT (vulnerability assessment and penetration testing) points raised against the Oracle database used by Oracle Access Manager (OAM) 12.2.1.3
- The points were listed by the external vulnerability tool Nessus
- For this Oracle Access Manager (OAM) version, the following vulnerability points need to be considered:
2. Unauthorized users having access to DBA views and tables in SYS schema
3. Insecure DBMS_BACKUP_RESTORE package permissions
4. Insecure file transfer privileges to remove on DBMS_FILE_TRANSFER
5. Lack of detailed audit settings - ALTER USER
6. Allocation of Unlimited Tablespace for application user
- Database user names: ODS, OAMPROD_IAU, and OIDPROD_IAU
- Report states:
1. Remove DBMS_BACKUP_RESTORE permissions if not necessary. Any users or roles that have this privilege should be reviewed and the privilege revoked if not necessary.
2. Impact of removing this from other users: remove EXECUTE permission on DBMS_FILE_TRANSFER from any users that do not need it.
3. Impact of removing this from other users:
a. Sessions per user for the ODS, OAM, and OID users. Impact of setting it to specific values or to unlimited.
b. Allocation of unlimited tablespace to the users ODS, OAMPROD_IAU, OIDPROD_IAU, OIDPROD_IAU_VIEWER, and OAMPROD_IAU_VIEWER. Impact of this allocation.
- As these are non-system users, what is the recommendation on whether these privileges can be removed from these users?
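
The review the report asks for can start with read-only dictionary queries such as the ones below. This is an added example, not part of the Oracle note or its solution; it assumes a session that can read the DBA_* and AUDIT_UNIFIED_* views and uses the account names listed in the report.

```sql
-- Added example: read-only review queries; nothing here changes a privilege.
-- Findings 3 and 4: every grantee (user, role or PUBLIC) holding a privilege
-- on the two packages named in the report.
SELECT grantee, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    table_name IN ('DBMS_BACKUP_RESTORE', 'DBMS_FILE_TRANSFER')
ORDER  BY table_name, grantee;

-- Finding 2: direct grants on SYS-owned objects to the reported accounts.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    grantee IN ('ODS', 'OAMPROD_IAU', 'OIDPROD_IAU',
                   'OAMPROD_IAU_VIEWER', 'OIDPROD_IAU_VIEWER')
ORDER  BY grantee, table_name;

-- Finding 6: UNLIMITED TABLESPACE as a system privilege ...
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'UNLIMITED TABLESPACE'
AND    grantee IN ('ODS', 'OAMPROD_IAU', 'OIDPROD_IAU',
                   'OAMPROD_IAU_VIEWER', 'OIDPROD_IAU_VIEWER');

-- ... and as a per-tablespace quota (MAX_BYTES = -1 means unlimited).
SELECT username, tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  max_bytes = -1
AND    username IN ('ODS', 'OAMPROD_IAU', 'OIDPROD_IAU',
                    'OAMPROD_IAU_VIEWER', 'OIDPROD_IAU_VIEWER');

-- Report item 3a: SESSIONS_PER_USER limit from each account's profile.
SELECT u.username, u.profile, p.limit AS sessions_per_user
FROM   dba_users u
JOIN   dba_profiles p ON p.profile = u.profile
WHERE  p.resource_name = 'SESSIONS_PER_USER'
AND    u.username IN ('ODS', 'OAMPROD_IAU', 'OIDPROD_IAU',
                      'OAMPROD_IAU_VIEWER', 'OIDPROD_IAU_VIEWER');

-- Finding 5: is ALTER USER audited? Traditional auditing first,
-- then enabled unified audit policies.
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
WHERE  audit_option = 'ALTER USER';

SELECT policy_name, audit_option
FROM   audit_unified_policies
WHERE  audit_option = 'ALTER USER'
AND    policy_name IN (SELECT policy_name FROM audit_unified_enabled_policies);
```

A grantee in the first result set that is a role needs a follow-up lookup in DBA_ROLE_PRIVS to see which accounts inherit the package privilege through it.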
Solution