Phillip Tejada

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions 10.4 through 10.4.7 **Description** The issue arises when an administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user. This action does not remove the user's account from the appserveradm or appserverusr groups, allowing the user to still manage WebObjects applications. **Recommendations** For Apple Mac OS X versions 10.4 through 10.4.7, manually remove the user's account from the appserveradm and appserverusr groups after clearing the "Allow user to administer this computer" checkbox to prevent unauthorized management of WebObjects applications.