Our security assessment team found an issue with 'System' running CDW services by default. Although IBM allows a service account to run CDW services, it requires this account to be a member of local admin group. Either method causes security concern since CDW lists on a port and hackers could exploit it and gain the same privileges of the account that runs the CDW service.
The requirement is to allow a non-privileged account to run the CDW services without requiring it being a member of the local admin group.
Please bring this PMR to your L3 engineering team and add it to the
roadmap for a future release.