DavidThomson1 (Customer) asked a question.

RSA Authentication Manager 8.9 and Security Vulnerabilities

We recently updated to RSA Authentication Manager 8.8 Patch 3 Hotfix 2 and noticed 8.9 was released. In the release notes for 8.9 it mentions it includes all features and enhancements delivered in AM 8.8 patches 1, 2, and 3. I assume that also means all the Critical Security Updates included in those versions? Also, does 8.9 contain the Critical Security Updates for the third-party component XStream 1.4.6, that were patched in AM 8.8 Patch 3 Hotfix 2?


  • @DavidThomson1 (Customer),

    RSA Authentication Manager 8.9 includes all features, enhancements, and critical security updates delivered in Authentication Manager 8.8 patches 1, 2, and 3, as well as hotfix 2. This specifically includes the critical security updates for the third-party component XStream 1.4.6.

    As of the current release notes and advisories, there are no documented fixes, vulnerabilities, or upgrades from Authentication Manager 8.8 patch 3 or hotfix 2 that are excluded from 8.9. The release notes and patch advisories indicate that Authentication Manager 8.9 is a cumulative release, and all critical updates from 8.8 patch 3 and hotfix 2 are incorporated.

    Authentication Manager 8.9 patch 1 is tentatively scheduled for March 2026. The specific fixes and vulnerabilities to be addressed in 8.9 patch 1 have not been published yet. RSA typically aligns patch releases with Oracle Critical Patch Updates and will include any new security advisories, bug fixes, and enhancements identified after the release of 8.9.

    If your scanner is still flagging vulnerabilities after installing the latest release of software, please open a support case and provide a list of CVEs in .csv format so that we can provide documentation to you.

    Selected as Best