Cast Iron V6.3 users who are members of local "user" or "viewer" groups allowed to publish projects onto appliance

Question & Answer

Question

Why are WebSphere Cast Iron V6.3 users who are members of the local "user" or "viewer" groups allowed to publish projects onto the appliance? What are the security risks of this, and what should I do?

Cause

In WebSphere Cast Iron V6.3, the local "viewer" group has an unintended elevated privilege which allows it to be able to publish projects onto the appliance.

Answer

As a result of an unintended elevated privilege, users under the local "viewer" or "user" groups are able to publish projects onto the appliance.

Keeping this in mind, verify that your appliance users, under the "user" and "viewer" groups, are trusted with the role of publishing projects.

An internal APAR has been raised to address this problem in a future WebSphere Cast Iron V6.3 fix pack.

[{"Product":{"code":"SSGR73","label":"IBM Cast Iron Cloud Integration"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"},{"code":"PF009","label":"Firmware"}],"Version":"6.3","Edition":"Virtual;Physical","Line of Business":{"code":"LOB45","label":"Automation"}}]

Tips

Cast Iron V6.3 users who are members of local "user" or "viewer" groups allowed to publish projects onto appliance

Question & Answer

Question

Cause

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?