Why are WebSphere Cast Iron V6.3 users who are members of the local "user" or "viewer" groups allowed to publish projects onto the appliance? What are the security risks of this, and what should I
In WebSphere Cast Iron V6.3, the local "viewer" group has an unintended elevated privilege which allows it to be able to publish projects onto the appliance.
As a result of an unintended elevated privilege, users under the local "viewer" or "user" groups are able to publish projects onto the appliance.
Keeping this in mind, verify that your appliance users, under the "user" and "viewer" groups, are trusted with the role of publishing projects.
An internal APAR has been raised to address this problem in a future WebSphere Cast Iron V6.3 fix pack.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.