The Oracle database AUDIT SYSTEM privilege allows changes to auditing activities on the system. Unauthorized grantees should not have that privilege. Rationale: The AUDIT SYSTEM privilege can allow the unauthorized alteration of system audit activities, such as disabling the creation of audit trails.
Solution
To remediate this setting, execute the following SQL statement, keeping in mind if this is granted in both container and pluggable database, you must connect to both places to revoke. REVOKE AUDIT SYSTEM FROM <grantee>;