Operator has the right to edit variables when relaunching job

Article Id: 86310

Status: Published

Updated On: 15-04-2018 08:03

Legacy Id: 000012441

Products:

CA Automic Dollar Universe

Issue/Introduction:

Error Message :
There is no error message

Patch level detected:Dollar Universe 6.1.00
Product Version: Dollar.Universe 6.1.0

Description :When jobs are launch manually by operators, the operator can edit the variables within the task without permission.
The content of Uproc variables on DU6 Linux (possibly Unix too) can be passed on to the O.S. by DU and interpreted. This can lead to privilege escalation and execution of malicious commands.

Cause:

Cause type:
By design
Root Cause: N/A

Environment:

OS: All

Resolution:

Be sure operator edit the variables correctly when needed.

Fix Status: No Fix

Additional Information:

Workaround :
N/A