Oracle EBS SQL Log Disclosure
EBS SQL logs were discovered.
SQL logs are used for any table maintenance or data retrieval operations performed on the EBS instance. Statement-based logs can be used to find out what statements the application makes with no need to understand the underlying database logic.
An attacker may be able to retrieve sensitive information like database credentials by simply inspecting the SQL logs.
It is strongly recommended to silence the EBS SQL logs. The logs should not be stored on the local file system and must be removed once they have been archived.
Was this page helpful?