When PAM SC or PIM enterprise manager is installed in Windows, it comes with a java jdk (presently jdk 1.8.0-101) which was the one available at the time of release of the product.

However with time, the java package installed  may either become obsolete or vulnerabilities may be discovered in it which make it no longer advisable for production in a highly-securized enterprise environment.

CA PAM SC 14.X and CA PIM  12.X and 14.X 

This is the procedure you can follow in Windows

1. Stop all services related to PAM SC/PIM. That means stop PAMSC itself (secons -s from a console) plus stop the connector servers, jboss and any service whatsoever

2. Uninstall the current jdk1.8.0 installation

3. Reboot the server

4. Once restarted install the latest ( e.g. jdk1.8.0_221) but making sure that the installation directory is named EXACTLY as the previous installation. That is, if the previous one was installed in E:\jdk1.8.0 choose that directory as the installation directory. Changing the directory name for installation will not work even if the path of the system is modified. The reason for this is that the directory name is embedded in several places in the configuration files, so they all should be modified in case we wanted to install to a new directory

5. In the jboss directory, under \server\default rename or delete the work, tmp and log folders

6. Edit java.security under \jre\lib\security and make sure that RC4 is removed from the line starting

jdk.tls.disabledAlgorithms=... 

to have RC4 enabled for communication

7. Reboot the server

8. Once it comes back run in a command prompt java -version to make sure it works and it returns the desired java version

9. Restart jboss in order for it to redeploy