O121-BP-024750 - Oracle database products must be a version supported by the vendor.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Unsupported commercial and database systems should not be used because fixes to newly identified bugs will not be implemented by the vendor. The lack of support can result in potential vulnerabilities. Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities, which leaves them subject to exploitation.

When maintenance updates and patches are no longer available, the database software is no longer considered supported and should be upgraded or decommissioned.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Remove or decommission all unsupported software products.

Upgrade unsupported DBMS or unsupported components to a supported version of the product.

Oracle recommends the following upgrade options:

For product longevity and patching, Oracle strongly recommends upgrading to 19c, which is the Long-Term Release with a support end date of April 30, 2027 (or April 30, 2024 if you choose not to pay Extended Support fees or purchase a ULA).
If currently running 12.1.x, upgrade to the terminal release (12.1.0.2) for the DB Release you are running, and then continue the upgrade process by upgrading to the 19c.
If currently running 12.2.0.1 or 18c, upgrade to 19c before the error correction grace periods for 12.2.0.1 and 18c expire.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_12c_V2R9_STIG.zip

Item Details

References: CAT|I, CCI|CCI-003376, Rule-ID|SV-251802r944386_rule, STIG-ID|O121-BP-024750, Vuln-ID|V-251802

Plugin: OracleDB

Control ID: ba15f4ce1071b4ddf757b663841aeb37640666091d71df52671c6583e197fe37