/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- The security vulnerability scanner suggested to remove write and full control permissions for al_jobservice;
- The scanner message is:
-
- At least one Windows service executable with insecure permissions was detected on the remote host. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks.
An unpriviliged user could modify or overwrite the executable with arbitary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.
This plugin checks if any of the following groups have permissions to modify executable files that are started by Windows services:
- Everyone
- Users
- Domain Users
- Authenticated Users
- At least one Windows service executable with insecure permissions was detected on the remote host. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks.
-
Read more...
Environment
- SAP Data Services
- Windows
Product
SAP Data Services all versions
Keywords
Security, Vulnerability, Data Services, permissions, account, read, write, execute, job, job service , KBA , EIM-DS-SVR , Administration/Server , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)