The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter must be set to a value of 12 or higher.

An XCCDF Rule

Description

<VulnDiscussion>Unsupported Oracle network client installations may introduce vulnerabilities to the database. Restriction to use of supported versions helps to protect the database and helps to enforce newer, more robust security controls.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-219746r879887_rule
Severity: Medium
References: CCI-000366
Updated: 9 months ago

: Deploy Oracle 11.2.0.4 with the January 2014 CPU patch.

Edit the SQLNET.ORA file to add or edit the entry:

SQLNET.ALLOWED_LOGON_VERSION = 12
Set the value to 12 or higher.

For more information on sqlnet.ora parameters refer to the following document:
"Database Net Services Reference"
https://docs.oracle.com/cd/E11882_01/network.112/e10835/sqlnet.htm#NETRF006

The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter must be set to a value of 12 or higher.

Description

Remediation - Manual Procedure