SAP Knowledge Base Article - Preview

3476313 - Security vulnerability on al_jobservice

Symptom

  • The security vulnerability scanner suggested to remove write and full control permissions for al_jobservice;

  • The scanner message is:

      • At least one Windows service executable with insecure permissions was detected on the remote host. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks.
        An unpriviliged user could modify or overwrite the executable with arbitary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.

        This plugin checks if any of the following groups have permissions to modify executable files that are started by Windows services:

        • Everyone
        • Users
        • Domain Users
        • Authenticated Users


Read more...

Environment

  • SAP Data Services
  • Windows

Product

SAP Data Services all versions

Keywords

Security, Vulnerability, Data Services, permissions, account, read, write, execute, job, job service , KBA , EIM-DS-SVR , Administration/Server , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.