The WebSphere Application Server users in a LDAP user registry group must be authorized for that group.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-81231 | WBSP-AS-000240 | SV-95945r1_rule | CCI-002235 | medium |
| Description | ||||
| Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Restricting non-privileged users also prevents an attacker, who has gained access to a non-privileged account, from elevating privileges, creating accounts, and performing system checks and maintenance. | ||||
| STIG | Date | |||
| IBM WebSphere Traditional V9.x Security Technical Implementation Guide | 2018-08-24 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-6(10)
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.7
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-002235
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-95945r1_chk)
If a file based or local federated repository is in use, this requirement is NA.
Review System Security Plan documentation.
Interview the system administrator.
In the administrative console select Security >> Global Security.
Under "User Account Repository", verify the "Available realm Definition" is set to "Standalone LDAP registry".
Select "Configure".
The properties of the LDAP repository are displayed for purposes of identifying the LDAP server.
Work with the admin of LDAP repository.
Identify users and groups.
Validate members of groups are authorized.
If the group members have not been authorized by the ISSO/ISSM, this is a finding.
Fix Text (F-88011r1_fix)
In the LDAP server admin console, assign WebSphere users to the appropriate WebSphere group.