Updated RSA AM appliance from 8.6 P3 to 8.6 P4. Prior to the update to P4, Java had been at 1.8.0_331. After the update to P4, Java version dropped to 1.8.0_301. Why was this necessary? Now, the security scan result is worse.
According to the Authentication Manager 8.6 patch 4 read me, Java is rolled back to 1.8.0_331, not 1.8.0_301. What do you see if you navigate to /opt/rsa/am/appserver/jdk/jre/bin and run ./java -version?
FYI, Java will be updated in Authentication Manager 8.7 patch 1 to 1.8.0_341.