Is web tier update needed?
As per RSA-2020-05, if you are already running one of the following versions:-
- RSA Authentication Manager 8.4 Patch 14 Security Update 1 and later
- RSA Authentication Manager 8.4 Patch 14 Security Update 1 web-tier server and later
- RSA Authentication Manager 8.5 Patch 1 Security Update 1 and later
- RSA Authentication Manager 8.5 Patch 1 Security Update 1 web-tier server and later.
Then you don't need to upgrade to P2 as it contain resolutions to the same vulnerabilities that P2 is fixing.
A web tier is a kind of reverse proxy server that sits in a DMZ facing the Internet so that users on the Internet that need access to the AM self-service console or need to securely download a software token through a CTKip URL.
So the simple answer is, you need to apply the Web Tier update to your Web Tier server - if you have any WebTier servers in your DMZ. Web Tiers need to stay in version synch with the AM Primary and replicas, sometimes that just needs to be done via an update button in the Operations Console under Status
Other times the update requires an uninstall and re-deployment of a new Web Tier package to the Web Tier Server.