Oracle RMAN Missing Auditing

Title: CVE-2021-2207 - RMAN Controlfile Operation Not AuditedProduct:                   DatabaseManufacturer:              OracleAffected Version(s):       12.1.0.2, 12.2.0.1, 18c, 19cTested Version(s):         19cRisk Level:                lowScore:                     2.3Solution Status:           FixedCVE Reference:             CVE-2021-2207Author of Advisory:        Emad Al-MousaOverview:Audit failure is a security weakness in software product especially if a security audit is in-place to detect a certain operation. Oracle RMAN isa database Recovery Manager utility for backup and restore operations, so any security weakness/vulnerability can be exploited by insider threat orexternal attacker to view confidential data in unauthorized manner.*****************************************Vulnerability Details:oracle database controlfile restore is not logged in unified auditing logs*****************************************Proof of Concept (PoC):In this simulation, unified auditing logs the backup of controlfile successfully while restore operation was not as shown below:rman target /RMAN> backup current controlfile;RMAN> restore controlfile to '/tmp/emad_ctl.ctl';Querying Unified Audit logs:SQL> select audit_type,client_program_name,event_timestamp,rman_operation,rman_object_type,rman_device_type from unified_audit_trail where audit_type like 'RMAN%'' order by event_timestamp desc;control file backup was recorded under RMAN_OBJECT_TYPE column while restore operation was logged, but it was not clear for which database object….in our case its the controlfile !*****************************************References:https://www.oracle.com/security-alerts/cpuapr2021.htmlhttps://databasesecurityninja.wordpress.com/2023/09/01/cve-2021-2207-rman-controlfile-operation-not-audited/