Can I access, configure or upgrade PAM or the underlying OS?
search cancel

Can I access, configure or upgrade PAM or the underlying OS?

book

Article ID: 143290

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Can external access be given to PAM so we can patch, configure or upgrade it?

Environment

Privileged Access Manager, any supported PAM release as of May 2024

 

Cause

Internal auditors want to know what version of the OS is, if it can be externally patched or upgraded.

Resolution

PAM releases supported as of May 2024 (4.0.0-4.1.7) run on a heavily customized Debian 9 (stretch) release with a custom 4.14 kernel. Most vulnerabilities that may affect Debian 9 in general do not affect PAM. Updates to the kernel are not performed outside of PAM upgrades.
 
PAM is a closed appliance, accessible by users only through the HTTPS web service. We do not allow SSH access by PAM admins, only Broadcom employees are permitted to SSH into the appliance.

Additional Information

Any vulnerability found in PAM is addressed with highest priority and will be included in hotfixes or maintenance releases as applicable.  If your internal security department thinks that there is a vulnerability in our appliance, then please open a support ticket and supply us the details.

Product Management has plans to upgrade the PAM operating system to a newer Debian version in a future PAM release currently TBD.

To determine the OS version of a given PAM release, refer to the Third Party License Acknowledgments documentation section. In the upper right corner of the page, use the drop-down menu to select the PAM version running in your environment.

Powered by Wolken Software