{"id":14769,"date":"2024-01-16T06:41:14","date_gmt":"2024-01-16T05:41:14","guid":{"rendered":"https:\/\/www.oradba.ch\/wordpress\/?p=14769"},"modified":"2024-01-16T06:41:14","modified_gmt":"2024-01-16T05:41:14","slug":"dive-into-the-latest-enhancements-of-dbsat-3-1-0","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2024\/01\/dive-into-the-latest-enhancements-of-dbsat-3-1-0\/","title":{"rendered":"Dive into the Latest Enhancements of DBSat 3.1.0"},"content":{"rendered":"\n<div class=\"wp-block-media-text is-stacked-on-mobile is-vertically-aligned-center\" style=\"grid-template-columns:38% auto\"><figure class=\"wp-block-media-text__media\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"625\" height=\"642\" src=\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat_3.1.0.png?resize=625%2C642&#038;ssl=1\" alt=\"\" class=\"wp-image-14770 size-full\" srcset=\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat_3.1.0.png?resize=997%2C1024&amp;ssl=1 997w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat_3.1.0.png?resize=292%2C300&amp;ssl=1 292w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat_3.1.0.png?resize=768%2C789&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat_3.1.0.png?resize=624%2C641&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat_3.1.0.png?w=1125&amp;ssl=1 1125w\" sizes=\"auto, (max-width: 625px) 100vw, 625px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p>Today, my initial plan was simply to finalize my article on DBSat 3.0.0 for the Oraworld Magazine. However, while checking the links to the DBSat documentation, Oracle Support Notes, and download sources, I discovered that Oracle has, almost simultaneously, released the latest version 3.1.0 of the Oracle Database Security Assessment Tool (DBSAT). Once again, this presents an opportunity to write about the tool and its newest release. I have already covered the major release of DBSAT 3.0.0 in my blog post <a href=\"https:\/\/www.oradba.ch\/wordpress\/2023\/11\/what-you-need-to-know-about-oracle-db-sat-release-3-0\/\" data-type=\"post\" data-id=\"14374\">What You Need to Know About Oracle DB SAT Release 3.0<\/a>. Now, let\u2019s explore what\u2019s new in version 3.1.0.<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Key Features in Release 3.1.0<\/h2>\n\n\n\n<p>With the major release of version 3.0.0, Oracle had already made significant improvements to DBSat. This included support for Oracle 23c and over 30 new STIG findings, to name just a few enhancements. Now, with the most recent update, Oracle has introduced several improvements and added new findings, especially for the 23c version.<\/p>\n\n\n\n<p>The latest version focuses on the following improvements:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alignment with CIS Benchmark v1.2:<\/strong> Included 10 new findings based on CIS recommendations for Oracle Database 19c, with updated references.<\/li>\n\n\n\n<li><strong>New Finding for Autonomous Database Serverless:<\/strong> Introduction of a finding related to pre-authenticated URL requests.<\/li>\n\n\n\n<li><strong>Comprehensive Security Checks:<\/strong> New checks for user profile limits, EXECUTE permissions on various packages to PUBLIC, and database security and administration-related permissions.<\/li>\n\n\n\n<li><strong>Auditing and Operating System User Configurations:<\/strong> Addition of checks for auditing actions on synonyms and operating system user configurations in pluggable databases.<\/li>\n\n\n\n<li><strong>Enhanced Existing Findings:<\/strong> Improved logic in user expiry checks, optimizations in application owner assessments, and updated TDE recommendations for Oracle Database 23c.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">New Findings<\/h2>\n\n\n\n<p>Seven of the new findings focus on EXECUTE privilege grants to Public, assessing whether critical packages have been inappropriately granted to Public. The selection of packages for these checks is guided by recommendations from the CIS and encompasses a range of areas including network, file system, encryption, Java, job scheduling, helper functions, and credentials packages.<\/p>\n\n\n\n<p>The following example demonstrates how the finding <em>PRIV.NETPACKAGEPUBLIC<\/em> identifies network packages that have been granted EXECUTE privileges to PUBLIC.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"625\" height=\"361\" src=\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_PRIV.NETPACKAGEPUBLIC.png?resize=625%2C361&#038;ssl=1\" alt=\"\" class=\"wp-image-14774\" srcset=\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_PRIV.NETPACKAGEPUBLIC.png?resize=1024%2C592&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_PRIV.NETPACKAGEPUBLIC.png?resize=300%2C173&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_PRIV.NETPACKAGEPUBLIC.png?resize=768%2C444&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_PRIV.NETPACKAGEPUBLIC.png?resize=1536%2C888&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_PRIV.NETPACKAGEPUBLIC.png?resize=624%2C361&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_PRIV.NETPACKAGEPUBLIC.png?w=1688&amp;ssl=1 1688w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_PRIV.NETPACKAGEPUBLIC.png?w=1250&amp;ssl=1 1250w\" sizes=\"auto, (max-width: 625px) 100vw, 625px\" \/><figcaption class=\"wp-element-caption\">Information about Network Packages Granted to PUBLIC<\/figcaption><\/figure>\n\n\n\n<p>Additional findings are detailed in the report&#8217;s &#8216;Privileges and Roles&#8217; chapter. Beyond the network packages mentioned earlier, the report also examines other critical packages, such as DBMS_JAVA, DBMS_JAVA_TEST, JAVA_ADMIN, DBMS_LOB, UTL_FILE, and DBMS_ADVISOR, among others. Furthermore, it assesses other crucial permissions that may have been granted to Public, like CREATE ANY DIRECTORY and DROP ANY DIRECTORY, where relevant.<\/p>\n\n\n\n<p>The additional new checks introduced in DBSAT cover several key aspects:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>USER.DEFAULTPROFILE:<\/strong> This check details the limitations defined in the DEFAULT user profile.<\/li>\n\n\n\n<li><strong>AUDIT.SYNONYMS:<\/strong> It determines if actions such as creating, altering, or dropping SYNONYMs are audited.<\/li>\n\n\n\n<li><strong>CONF.DEFAULTPDBOSUSER:<\/strong> This evaluates the operating system user designated in the PDB_OS_CREDENTIAL. <\/li>\n\n\n\n<li><strong>CONF.PREAUTHREQUESTURL:<\/strong> It provides insights into pre-authenticated URLs for Autonomous Database Serverless, including which users are authorized to manage these URLs via the DBMS_DATA_ACCESS package.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>USER.DEFAULTPROFILE:<\/strong> Enumerates the limits set in the DEFAULT user profile.<\/li>\n\n\n\n<li><strong>AUDIT.SYNONYMS:<\/strong> Verifies whether actions like create, alter, or drop SYNONYM are being audited.<\/li>\n\n\n\n<li><strong>CONF.DEFAULTPDBOSUSER:<\/strong> Evaluates the operating system user specified in the PDB_OS_CREDENTIAL. Particularly important if DB users are allowed to use DBMS_SCHEDULER in a multitenant environment.<\/li>\n\n\n\n<li><strong>CONF.PREAUTHREQUESTURL:<\/strong> Shows details of pre-authenticated URLs for Autonomous Database Serverless, including identification of users who can manage them through the DBMS_DATA_ACCESS package.<\/li>\n<\/ul>\n\n\n\n<p>Below are more examples of these new findings and their representation in the DBSAT report.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"625\" height=\"622\" src=\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_USER.DEFAULTPROFILE.png?resize=625%2C622&#038;ssl=1\" alt=\"\" class=\"wp-image-14775\" srcset=\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_USER.DEFAULTPROFILE.png?resize=1024%2C1019&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_USER.DEFAULTPROFILE.png?resize=300%2C298&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_USER.DEFAULTPROFILE.png?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_USER.DEFAULTPROFILE.png?resize=768%2C764&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_USER.DEFAULTPROFILE.png?resize=1536%2C1528&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_USER.DEFAULTPROFILE.png?resize=624%2C621&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_USER.DEFAULTPROFILE.png?w=1685&amp;ssl=1 1685w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_USER.DEFAULTPROFILE.png?w=1250&amp;ssl=1 1250w\" sizes=\"auto, (max-width: 625px) 100vw, 625px\" \/><figcaption class=\"wp-element-caption\">Information about Users with DEFAULT Profile<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"625\" height=\"318\" src=\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_AUDIT.SYNONYMS.png?resize=625%2C318&#038;ssl=1\" alt=\"\" class=\"wp-image-14776\" srcset=\"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_AUDIT.SYNONYMS.png?resize=1024%2C521&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_AUDIT.SYNONYMS.png?resize=300%2C153&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_AUDIT.SYNONYMS.png?resize=768%2C391&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_AUDIT.SYNONYMS.png?resize=1536%2C782&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_AUDIT.SYNONYMS.png?resize=624%2C318&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_AUDIT.SYNONYMS.png?w=1681&amp;ssl=1 1681w, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSAT_finding_AUDIT.SYNONYMS.png?w=1250&amp;ssl=1 1250w\" sizes=\"auto, (max-width: 625px) 100vw, 625px\" \/><figcaption class=\"wp-element-caption\">Information about Audit Synonym Management Activities<\/figcaption><\/figure>\n\n\n\n<p>In addition to the new findings, existing checks have also been revised and updated. These include the following three:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>USER.APPOWNER:<\/strong> Optimizations have been made to enhance performance and streamline the level of detail.<\/li>\n\n\n\n<li><strong>USER.NOEXPIRE:<\/strong> The logic and summary of this check have been improved for better clarity.<\/li>\n\n\n\n<li><strong>ENCRYPT.TDE:<\/strong> The remarks have been updated to clarify the use of the TABLESPACE_ENCRYPTION parameter, providing specific recommendations for those upgrading to Oracle Database 23c and transitioning away from deprecated algorithms.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Missing Stuff<\/h2>\n\n\n\n<p>The major release 3.0.0 and its latest update 3.1.0 of DBSAT largely fulfill all expectations. DBSAT covers the latest standards and best practices and is also ready for Oracle 23c. However, there are minor issues that one might encounter during initial use. For instance, when gathering information with <code data-enlighter-language=\"generic\" class=\"EnlighterJSRAW\">dbsat collect<\/code>, warnings may appear if FIPS configuration files are not found. Generally, these can be safely ignored.<\/p>\n\n\n\n<p>Additionally, DBSAT requires Java for the Report or Discover Mode. If a <em>JAVA_HOME<\/em> variable is not set, DBSAT will terminate with an error. It would be beneficial if DBSAT could default to using the JVM in ORACLE_HOME, at least on the Oracle database server. You can find more on this in my blog post <a href=\"https:\/\/www.oradba.ch\/wordpress\/2023\/11\/what-you-need-to-know-about-oracle-db-sat-release-3-0\/\" data-type=\"post\" data-id=\"14374\">What You Need to Know About Oracle DB SAT Release 3.0<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>DBSAT 3.0.0 and its update 3.1.0 represent a significant development and improve both functionality and usability. One of the most important improvements is the independence from Python, which allows for easier deployment. The tool is now ready for Oracle Database 23c with updated security checks, STIG-V2R6 compliance and Oracle Best Practice tagging for result interpretation. The revised report format with clear explanations and guidance simplifies the identification and resolution of security issues. DBSAT also enables customized assessments by excluding specific users or areas. In addition, integration with Oracle Data Safe, Oracle Audit Vault and Database Firewall extends the standalone capabilities and strengthens the security framework of these Oracle products.<\/p>\n\n\n\n<p>If you haven&#8217;t reviewed your database security configuration yet, now is the perfect time to begin with DBSAT 3.1.0.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Additional Resources<\/h2>\n\n\n\n<p>Some links and references related to this topic.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DBSAT on <a href=\"https:\/\/www.oracle.com\/ch-de\/database\/technologies\/security\/dbsat.html\">oracle.com<\/a> <\/li>\n\n\n\n<li>Database Security Assessment Tool <a href=\"https:\/\/docs.oracle.com\/en\/database\/oracle\/security-assessment-tool\/3.1.0\/satug\">User Guide<\/a><\/li>\n\n\n\n<li>Download DBSAT MOS Note <a href=\"https:\/\/support.oracle.com\/epmos\/faces\/DocContentDisplay?id=2138254.1\" target=\"_blank\" rel=\"noreferrer noopener\">2138254.1<\/a> <em>Oracle Database Security Assessment Tool (DBSAT)<\/em><\/li>\n\n\n\n<li>Security Assessment Tool <a href=\"https:\/\/docs.oracle.com\/en\/database\/oracle\/security-assessment-tool\/3.1.0\/satrn\/\">Release Notes<\/a><\/li>\n\n\n\n<li>DBSAT <a href=\"https:\/\/www.oracle.com\/a\/otn\/docs\/dbsat-ds.pdf\">Data Sheet<\/a><\/li>\n\n\n\n<li>DBSAT on <a href=\"https:\/\/www.oracle.com\/a\/otn\/docs\/dbsat-public-faq.pdf\">FAQ<\/a><\/li>\n\n\n\n<li>DBSAT workshop on <a href=\"https:\/\/apexapps.oracle.com\/pls\/apex\/r\/dbpm\/livelabs\/view-workshop?wid=699\">Oracle LiveLabs<\/a><\/li>\n\n\n\n<li>DBSAT <a href=\"https:\/\/www.oracle.com\/a\/otn\/docs\/database-security-assessment-tool.pdf\">Overview<\/a> Presentation by Oracle PM<\/li>\n\n\n\n<li><a href=\"https:\/\/download.oracle.com\/database\/oracle-database-security-primer.pdf\">Oracle Database Security a technical primer<\/a> comprehensive overview of Oracle Security products and measures provided by the Oracle PM&#8217;s for Database Security.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Today, my initial plan was simply to finalize my article on DBSat 3.0.0 for the Oraworld Magazine. However, while checking the links to the DBSat documentation, Oracle Support Notes, and download sources, I discovered that Oracle has, almost simultaneously, released the latest version 3.1.0 of the Oracle Database Security Assessment Tool (DBSAT). Once again, this [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[227,128,207,11,32,1],"tags":[],"class_list":["post-14769","post","type-post","status-publish","format-standard","hentry","category-23c","category-best-practice","category-good-practice","category-security","category-security-audit","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1aErb-3Qd","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":14374,"url":"https:\/\/www.oradba.ch\/wordpress\/2023\/11\/what-you-need-to-know-about-oracle-db-sat-release-3-0\/","url_meta":{"origin":14769,"position":0},"title":"What You Need to Know About Oracle DB SAT Release 3.0","author":"Stefan","date":"16. November 2023","format":false,"excerpt":"The wait is over! After a long break, Oracle has launched a major update for its Database Security Assessment Tool, DBSAT. The latest version, DBSAT 3.0, includes a number of new features and enhancements, all aimed at increasing database security and optimizing compliance processes. In this post, I'll look at\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"DBSat","src":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBSat.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":2300,"url":"https:\/\/www.oradba.ch\/wordpress\/2017\/06\/doag-webinar-oracle-12-2-new-security-features\/","url_meta":{"origin":14769,"position":1},"title":"DOAG Webinar Oracle 12.2 New Security Features","author":"Stefan","date":"12. June 2017","format":false,"excerpt":"A couple of days ago I've successfully finished the DOAG Webinar on Oracle 12c Release 2 new Security Feature. It was a great opportunity to discuss the security enhancements in the latest Oracle database release. This release introduces some new security features that simplify the secure operation of on-premises or\u2026","rel":"","context":"In &quot;12cR2&quot;","block_context":{"text":"12cR2","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/12cr2\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/Screen-Shot-2017-06-12-at-06.57.42-300x169.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":14785,"url":"https:\/\/www.oradba.ch\/wordpress\/2024\/01\/latest-critical-patch-updates-from-oracle-january-2024\/","url_meta":{"origin":14769,"position":2},"title":"Latest Critical Patch Updates from Oracle &#8211; January 2024","author":"Stefan","date":"18. January 2024","format":false,"excerpt":"On January 18, Oracle unveiled its first quarterly Critical Patch Update Advisory of the year. This advisory, a pivotal resource for Oracle users, details an array of 389 new security patches across various Oracle product families. This update includes several high-severity vulnerabilities, notably those that can be exploited remotely over\u2026","rel":"","context":"In &quot;19c&quot;","block_context":{"text":"19c","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/19c\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/CPU-Patch-Jan-2024.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/CPU-Patch-Jan-2024.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/CPU-Patch-Jan-2024.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/CPU-Patch-Jan-2024.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/CPU-Patch-Jan-2024.png?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":14216,"url":"https:\/\/www.oradba.ch\/wordpress\/2023\/10\/latest-critical-patch-updates-from-oracle-october-2023\/","url_meta":{"origin":14769,"position":3},"title":"Latest Critical Patch Updates from Oracle &#8211; October 2023","author":"Stefan","date":"18. October 2023","format":false,"excerpt":"On October 17, Oracle released its quarterly Critical Patch Update Advisory. This comprehensive advisory contains details about 387 new security patches for various Oracle product families. Among them are some serious vulnerabilities that can be exploited remotely over the network, i.e. with a CVSS rating of 9 or more. The\u2026","rel":"","context":"In &quot;Critical Patch Update&quot;","block_context":{"text":"Critical Patch Update","link":"https:\/\/www.oradba.ch\/wordpress\/category\/patches\/cpu\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBPatch.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBPatch.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBPatch.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBPatch.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/DBPatch.png?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":1201,"url":"https:\/\/www.oradba.ch\/wordpress\/2013\/06\/oracle-12c-new-security-features\/","url_meta":{"origin":14769,"position":4},"title":"Oracle 12c New Security Features","author":"Stefan","date":"26. June 2013","format":false,"excerpt":"I've just uploaded the slides for my lecture Oracle 12c new security features, as I had promised this in my previous posts. (See also DOAG 2013 Datenbank or DOAG SIG Security). The slides is a consolidation of my presentations on the New Security Features in latest generation of Oracle Database\u2026","rel":"","context":"In &quot;12cR1&quot;","block_context":{"text":"12cR1","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/12cr1\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2642,"url":"https:\/\/www.oradba.ch\/wordpress\/2018\/06\/oracle-18c-new-security-features\/","url_meta":{"origin":14769,"position":5},"title":"Oracle 18c new Security Features","author":"Stefan","date":"14. June 2018","format":false,"excerpt":"Today I had the opportunity to give a presentation on Oracle 18c new Security Features at the SOUG day in Baden. It was a great opportunity to discuss the security enhancements in the latest Oracle database release. This release introduces some new security features that simplify the secure operation of\u2026","rel":"","context":"In &quot;18c&quot;","block_context":{"text":"18c","link":"https:\/\/www.oradba.ch\/wordpress\/category\/oracle-database\/18c\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.oradba.ch\/wordpress\/wp-content\/uploads\/IMG_1555-300x225.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/14769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/comments?post=14769"}],"version-history":[{"count":4,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/14769\/revisions"}],"predecessor-version":[{"id":14821,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/posts\/14769\/revisions\/14821"}],"wp:attachment":[{"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/media?parent=14769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/categories?post=14769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oradba.ch\/wordpress\/wp-json\/wp\/v2\/tags?post=14769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}