KB-2226 Information about the OpenSSL security advisory (CVE-2022-3786 & CVE-2022-3602)

On 1-Nov-2022 the OpenSSL Project published a High Severity security advisory for all organizations using OpenSSL 3.0.0 - 3.0.6.

Having assessed the Appian platform against the details of the CVEs, we can confirm that the Appian platform is not impacted by the vulnerabilities described in the OpenSSL security advisory. We will continue to monitor the situation and provide updates as appropriate.

Additional Notes:

The following 2 CVEs were released with additional information on the scope of the vulnerabilities:

CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”)
CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”)

Supporting Documentation:

Affected Versions

This article applies to all supported versions of Appian.

Last Reviewed: November 16, 2022
