Oracle WebLogic must limit privileges to change the software resident within software libraries (including privileged programs).

An XCCDF Rule

Description

Application servers have the ability to specify that the hosted applications utilize shared libraries. The application server must have a capability to divide roles based upon duties wherein one project user (such as a developer) cannot modify the shared library code of another project user. The application server must also be able to specify that non-privileged users cannot modify any shared library code at all.

ID: SV-235960r628658_rule
Version: WBLC-03-000125
Severity: Medium
References: CCI-001499
Updated: 11 days ago

Remediation Templates

1. Access AC
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Users and Groups' tab -> 'Users' tab
5. From 'Users' table, select a user that must not have shared library modification access
6. From users settings page, select 'Groups' tab7. From the 'Chosen' table, use the shuttle buttons to remove the role - 'Admin', 'Deployer'
8. Click 'Save'
9. Repeat steps 5-8 for all users that must not have shared library modification access

Oracle WebLogic must limit privileges to change the software resident within software libraries (including privileged programs).

Description

Remediation Templates

A Manual Procedure