Privileged Account Manager 3.1 Patch Update 3 (PAM 188.8.131.52)
• OpenSSL library in Privileged Account Manager is upgraded to 1.0.2l to eliminate OpenSSL security vulnerabilities.
• Privileged Account Manager now supports Windows 2008 R2 Terminal Server.
• Weaker SSL ciphers are replaced with Elliptic Curve Diffie–Hellman (ECDHE) cipher to improve data security.
• CVE-2017-7437 - Addresses the reflected cross-site scripting (XSS) vulnerability that could result in the storage of uncontrolled information.
• CVE-2017-7438 - Addresses the DOM cross-site scripting (XSS) vulnerability.
This release also addresses other software fixes, see the Release Notes for more information.
• Release Notes: https://www.netiq.com/documentation/privileged-account-manager-3/npam3103-release-notes/data/npam3103-release-notes.html
• Download URL: https://dl.netiq.com/Download?buildid=MtsbTyzebZw~ and NCC for package updates on the channel