STIGQter: STIG Summary: Oracle WebLogic Server 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Oracle WebLogic must limit privileges to change the software resident within software libraries (including privileged programs).

DISA Rule

SV-235960r628658_rule

Vulnerability Number

V-235960

Group Title

SRG-APP-000133-AS-000092

Rule Version

WBLC-03-000125

Severity

CAT II

CCI(s)

CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

Fix Recommendation

1. Access AC
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Users and Groups' tab -> 'Users' tab
5. From 'Users' table, select a user that must not have shared library modification access
6. From users settings page, select 'Groups' tab
7. From the 'Chosen' table, use the shuttle buttons to remove the role - 'Admin', 'Deployer'
8. Click 'Save'
9. Repeat steps 5-8 for all users that must not have shared library modification access

Check Contents

1. Access AC
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Users and Groups' tab -> 'Users' tab
5. From 'Users' table, select a user that must not have shared library modification access
6. From users settings page, select 'Groups' tab
7. Ensure the 'Chosen' table does not contain the roles - 'Admin', 'Deployer'
8. Repeat steps 5-7 for all users that must not have shared library modification access

If any users that are not permitted to change the software resident within software libraries (including privileged programs) have the role of 'Admin' or 'Deployer', this is a finding.

Vulnerability Number

V-235960

Documentable

False

Rule Version

WBLC-03-000125

Severity Override Guidance

1. Access AC
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Users and Groups' tab -> 'Users' tab
5. From 'Users' table, select a user that must not have shared library modification access
6. From users settings page, select 'Groups' tab
7. Ensure the 'Chosen' table does not contain the roles - 'Admin', 'Deployer'
8. Repeat steps 5-7 for all users that must not have shared library modification access

If any users that are not permitted to change the software resident within software libraries (including privileged programs) have the role of 'Admin' or 'Deployer', this is a finding.

Check Content Reference

Target Key

5282

Oracle WebLogic must limit privileges to change the software resident within software libraries (including privileged programs).

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments