STIGQter: STIG Summary: Oracle WebLogic Server 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Oracle WebLogic must protect audit information from any type of unauthorized read access.

DISA Rule

SV-235956r628646_rule

Vulnerability Number

V-235956

Group Title

SRG-APP-000118-AS-000078

Rule Version

WBLC-02-000095

Severity

CAT III

CCI(s)

CCI-000162 - The information system protects audit information from unauthorized access.

Weight

Fix Recommendation

1. Access AC
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Users and Groups' tab -> 'Users' tab
5. From 'Users' table, select a user that must not have audit read access
6. From users settings page, select 'Groups' tab
7. From the 'Chosen' table, use the shuttle buttons to remove all of the following roles - 'Admin', 'Deployer', 'Monitor', 'Operator'
8. Click 'Save'
9. Repeat steps 5-8 for all users that must not have audit read access

Check Contents

1. Access AC
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Users and Groups' tab -> 'Users' tab
5. From 'Users' table, select a user that must not have audit read access
6. From users settings page, select 'Groups' tab
7. Ensure the 'Chosen' table does not contain any of the following roles - 'Admin', 'Deployer', 'Monitor', 'Operator'
8. Repeat steps 5-7 for all users that must not have audit read access

If any users that should not have access to read audit information contain any of the roles of 'Admin', 'Deployer', 'Monitor' or 'Operator', this is a finding.

Vulnerability Number

V-235956

Documentable

False

Rule Version

WBLC-02-000095

Severity Override Guidance

1. Access AC
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Users and Groups' tab -> 'Users' tab
5. From 'Users' table, select a user that must not have audit read access
6. From users settings page, select 'Groups' tab
7. Ensure the 'Chosen' table does not contain any of the following roles - 'Admin', 'Deployer', 'Monitor', 'Operator'
8. Repeat steps 5-7 for all users that must not have audit read access

If any users that should not have access to read audit information contain any of the roles of 'Admin', 'Deployer', 'Monitor' or 'Operator', this is a finding.

Check Content Reference

Target Key

5282

Oracle WebLogic must protect audit information from any type of unauthorized read access.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments