Question & Answer
Question
Why are WebSphere Cast Iron V6.3 users who are members of the local "user" or "viewer" groups allowed to publish projects onto the appliance? What are the security risks of this, and what should I do?
Cause
In WebSphere Cast Iron V6.3, the local "viewer" group has an unintended elevated privilege which allows it to be able to publish projects onto the appliance.
Answer
As a result of an unintended elevated privilege, users under the local "viewer" or "user" groups are able to publish projects onto the appliance.
Keeping this in mind, verify that your appliance users, under the "user" and "viewer" groups, are trusted with the role of publishing projects.
An internal APAR has been raised to address this problem in a future WebSphere Cast Iron V6.3 fix pack.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21620400