STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion must limit privileges, within the Administrator Console, to change the software resident within software libraries.

DISA Rule

SV-76891r1_rule

Vulnerability Number

V-62401

Group Title

SRG-APP-000133-AS-000092

Rule Version

CF11-03-000092

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Navigate to the "User Manager" page under the "Security" menu. Remove the "Server Updates" role from each user that should not have access to patch management functions.

Check Contents

Within the Administrator Console, navigate to the "User Manager" page under the "Security" menu. Review each defined user and ask the SA if the user should have access to server patch management functions. For each user that should not be able to access patch management functions, review the roles assigned to the user account.

If the user has the "Server Updates" role, this is a finding.

Vulnerability Number

V-62401

Documentable

False

Rule Version

CF11-03-000092

Severity Override Guidance

Within the Administrator Console, navigate to the "User Manager" page under the "Security" menu. Review each defined user and ask the SA if the user should have access to server patch management functions. For each user that should not be able to access patch management functions, review the roles assigned to the user account.

If the user has the "Server Updates" role, this is a finding.

Check Content Reference

M

Target Key

2661

Comments