The client had a system vulnerability audit performed, which listed an exposure in EBC module EBCS22EP (load module EBCSVR22) as "Least Privilege 1 (LP1)".
CA View 12.2
At pre-z/OS 2.1 levels, the CSVDYLPA service sets AC(1) by default when adding a module to LPA.
The CSVDYLPA macro at pre-z/OS 2.1 levels does not have the capability of setting AC=0, and marks all modules as AC=1.
With the following 12.2 PTFs applied, CA SVC routines are marked as AC=0 with the CSVDYLPA macro if the operating system is at z/OS 2.1 or higher:
- RO86218 CA View 12.2
- RO82096 CA Deliver 12.2
- RO82095 EBC 12.2 (View and Deliver)
The RO82096 fix was created specifically to resolve issues with software that audits a system for vulnerabilities.
The setting of AC=1 may show an audit violation at pre-z/OS 2.1 levels.
At z/OS 2.1, the audit violation should be resolved.
If the operating system level is z/OS 2.1 (or higher), RO82096 should be applied.