Oracle EBS SQL Log Disclosure
EBS SQL logs were discovered.
- oracle
- ebs
- logs
- exposure
SQL logs are used for any table maintenance or data retrieval operations performed on the EBS instance. Statement-based logs can be used to find out what statements the application makes with no need to understand the underlying database logic.
Impact
An attacker may be able to retrieve sensitive information like database credentials by simply inspecting the SQL logs.
Solution
It is strongly recommended to silence the EBS SQL logs. The logs should not be stored on the local file system and must be removed once they have been archived.
Was this page helpful?