Do these CVE's impact PAM version 3.3?
CVE-2019-15846 https://www.cvedetails.com/cve/CVE-2019-15846/
CVE-2019-1391
CVE-2017-11176 (Vendor: Debian & Linux; Product: Linux Kernel) https://www.cvedetails.com/cve/CVE-2017-11176/
CVE-2018-6574 (Vendor: Golang, Debian, & Redhat; Product: Go, Debian Linux, & Enterprise Linux Server)
CVE-2018-7600 (Vendor: Drupal; Product: Drupal & Debian Linux)
CVE-2018-7602 (Vendor: Drupal; Product: Drupal & Debian Linux))
Release : 3.3
Component : PRIVILEGED ACCESS MANAGEMENT
None of these vulnerabilities affect PAM 3.3:
CVE-2019-15846 EXIM4 vulnerability - Not installed on PAM appliance
CVE-2019-1391 - Windows vulnerability - PAM not affected
CVE-2017-11176 - Affects Linux kernels 4.11.9 and older - PAM 3.3 uses a 4.14 kernel, which is not affected. PAM 3.2 is running a vulnerable kernel, but is not affected either, because the vulnerability requires the attacker to be logged in locally, which is not possible with the PAM server.
CVE-2018-6574 - Golang vulnerability - Not installed on PAM appliance
CVE-2018-7600 - Drupal vulnerability - Not installed on PAM appliance
CVE-2018-7602 - Drupal vulnerability - Not installed on PAM appliance