A malicious unauthorized PAM user can access the administration configuration data and change the values.
broadcom symantec privileged access management