RSA SecurID^® Access Discussions

AntonisHassioti · ‎2021-01-21

Dear Support,

We use the RSA Authentication manager.

We see that there is a web tier update (Patch 2) , but we are not certain whether we need it.

How can we check?

HassanMehsen · ‎2021-01-21

As per RSA-2020-05, if you are already running one of the following versions:-

RSA Authentication Manager 8.4 Patch 14 Security Update 1 and later
RSA Authentication Manager 8.4 Patch 14 Security Update 1 web-tier server and later
RSA Authentication Manager 8.5 Patch 1 Security Update 1 and later
RSA Authentication Manager 8.5 Patch 1 Security Update 1 web-tier server and later.

Then you don't need to upgrade to P2 as it contain resolutions to the same vulnerabilities that P2 is fixing.

HM

JayGuillette · ‎2021-01-21

A web tier is a kind of reverse proxy server that sits in a DMZ facing the Internet so that users on the Internet that need access to the AM self-service console or need to securely download a software token through a CTKip URL.

So the simple answer is, you need to apply the Web Tier update to your Web Tier server - if you have any WebTier servers in your DMZ. Web Tiers need to stay in version synch with the AM Primary and replicas, sometimes that just needs to be done via an update button in the Operations Console under Status

Other times the update requires an uninstall and re-deployment of a new Web Tier package to the Web Tier Server.

AntonisHassioti · ‎2021-01-21

Thanks, that answers my question.

RSA SecurID® Access Discussions

Is web tier update needed?

RSA SecurID^® Access Discussions