ManageEngine PAM360 is recognized in the 2021 KuppingerCole Leadership Compass for Privileged Access Management. Download the report
Featured guest
Enhancements
The Connection tab comes with the following improvements:
Security Fixes
New Feature
PAM360 now supports creating schedules for automatically discovering new privileged accounts during Linux, Network Devices, and VMware discovery.
Enhancements
New Query Reports:
Bug Fix
From build 5400, administrators were unable to import users through AD. The issue has been fixed.
Security Fix
An authentication bypass vulnerability (CVE-2022-29081) affecting ManageEngine PAM360 builds from 4001 to 5400, has been fixed. It occurred due to an improper URI check that allowed an adversary to bypass security checks in seven RESTAPI URLs, gain unauthorized access to the application, and invoke the following operations:
Enhancements
Upgrades
Bug Fixes
Behavior Change
The API handling code which earlier responded to the V1 API format of ServiceDesk Plus MSP will henceforth respond to their V3 API format.
New Feature
Integration with the Cortex XSOAR RPA Tool
ManageEngine PAM360 integrates with Cortex XSOAR, a Robotic Process Automation (RPA) tool that allows
users to build standardized responses through commands to facilitate the automation of software
processes. PAM360 provides various commands that cover a wide range of automation tasks to perform
operations, such as creating resources and accounts, fetching passwords, updating resource and account
details, wherein the commands can be combined to create a complete endpoint management workflow.
Enhancements
Feature
Self-Service Privilege Elevation
Using the Self-Service Privilege Elevation feature, an administrator can allow a user to run a specific
application(s) with elevated privileges without sharing the privileged account passwords. With this
feature, it is possible to perform administrative functions on an endpoint without the need for the
administrators to share the account passwords. The passwordless strategy used to run applications with
elevated account privileges assures that only the intended administrative tasks are performed by a user
without entering administrator credentials.
Enhancements
Security Fix
A SQL injection vulnerability that allowed users to access the restricted tables in 'Query Reports' has been fixed.
Security Fix
An authentication bypass vulnerability (CVE-2021-44525) that allows an adversary to gain unauthorized access to the application and invoke actions through specific application URLs has been fixed. It affects ManageEngine Access Manager Plus versions up to 4202.
Enhancement
Administrators can now enable and set up a customizable welcome message once a session commences. In addition, they can enable the session recording status in the session window.
Enhancement
New Agents
This release comes with two new agents - C# agent for Windows/ Windows Domain and Go agent for Linux.
Henceforth, it will be possible to restrict user accounts that are added via agents (the new agents
only) during account discovery, using regex patterns.
Bug Fixes
New Features
Enhancements
Behavior Change
From now on, all certificates with unique serial numbers will be listed under the 'Certificates' tab. However, the existing users can manage their already added certificates from the History section, which has now been moved under the 'Column Chooser'.
Bug Fixes
Security Fixes
Enhancements
Behavior Changes
Note: If your current Ticketing System is ServiceDesk Plus On-Premises or ServiceDesk Plus Cloud, this upgrade pack will disable the integration and delete the complete integration data. You will have to reconfigure the ticketing system again. So, make sure you save a backup of the advanced configurations in the form of screenshots for reference.
Bug Fixes
Security Fixes
Enhancements
Bug Fixes
Security Fix
Enhancement
Security Fixes
Security Fix
New Features
Bug Fixes
New Features
Enhancements
Bug Fixes
Security Fixes
Security Fix
New Features
Enhancements
Bug Fixes
Security Fixes
Enhancement
New Features
Enhancement
Bug Fixes
Security Enhancement
Earlier, PostgreSQL data directories in Windows installations were entirely accessible to all locally authenticated users. Now, as a security practice, we have exerted the following measures, applicable for installations under the 'Program Files' directory:
New Features
Enhancements
Bug Fix
In PAM360 build 4000, while trying to integrate with ServiceDesk Plus, the "Invalid API key" error was encountered. This issue has been fixed in this build.