STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server LDAP groups must be authorized for the WebSphere role.

DISA Rule

SV-95943r1_rule

Vulnerability Number

V-81229

Group Title

SRG-APP-000033-AS-000024

Rule Version

WBSP-AS-000230

Severity

CAT II

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
• CCI-001314 - The information system reveals error messages only to organization-defined personnel or roles.

Weight

10

Fix Recommendation

Navigate to User and Groups >> Administrative group roles.

If any group is assigned roles that the group should not have, click on the group.

Assign only the role(s) the group should have.

Click "OK".

Click "Save".

Restart the DMGR and all the JVMs.

Check Contents

Review System Security Plan documentation.

Review details regarding LDAP groups that are mapped to WebSphere roles.

In the administrative console, under Users and Groups >> Administrative group roles.

If there is a LDAP group or groups assigned to a WebSphere role that has not been authorized by the ISSO/ISSM, this is a finding.

Vulnerability Number

V-81229

Documentable

False

Rule Version

WBSP-AS-000230

Severity Override Guidance

Review System Security Plan documentation.

Review details regarding LDAP groups that are mapped to WebSphere roles.

In the administrative console, under Users and Groups >> Administrative group roles.

If there is a LDAP group or groups assigned to a WebSphere role that has not been authorized by the ISSO/ISSM, this is a finding.

Check Content Reference

M

Target Key

3399

Comments