Description
Oracle SQLNet and/or listener log files are publicly accessible. The SQLNet and Listener log files provide audit data useful to the discovery of suspicious behavior. The log files may contain usernames and passwords in clear text as well as other information that could aid a malicious user with unauthorized access attempts to the database. Generation and protection of these files helps support security monitoring efforts.
Remediation
Restrict access to the listener and sqlnet log files.
References
Related Vulnerabilities
GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability
WordPress Plugin Store Locator Plus for WordPress Multiple Vulnerabilities (3.0.1)
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)
WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)
WordPress Plugin Gravity Forms Information Disclosure (2.4.8)