Information
The Oracle database SYS.AUD$ table contains all the audit records for the database of the non-Data Manipulation Language (DML) events, such as ALTER DROP and CREATE and so forth. (DML changes need trigger-based audit events to record data alterations.) Unauthorized grantees should not have full access to that table.
Permitting non-privileged users the authorization to manipulate the SYS.AUD$ table can allow distortion of the audit records, hiding unauthorized activities.
Solution
To remediate this setting, execute the following SQL statement, keeping in mind if this is granted in both container and pluggable database, you must connect to both places to revoke.
REVOKE ALL ON AUD$ FROM <grantee>;