V-204784
SV-204784r961353_rule
CAT II
The application server must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
From: Application Server Security Requirements Guide (V4R4)
Description
<VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.
Restricting non-privileged users also prevents an attacker, who has gained access to a non-privileged account, from elevating privileges, creating accounts, and performing system checks and maintenance.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Review application server documentation and configuration to verify that non-privileged users cannot access or execute privileged functions.
Have a user logon as a non-privileged user and attempt to execute privileged functions.
If the user is capable of executing privileged functions, this is a finding.
Fix Text
Configure the application server to deny non-privileged users access to and execution of privileged functions.
CCI Reference
CCI-002235- Created
- 2026-04-07 20:08:11
- Last Updated
- 2026-04-07 20:08:11