KB-2258 Information about the Ivanti EPMM security advisory (CVE-2023-35078, CVE-2023-35081)

On 24-July-2023, Ivanti released a security advisory for all organizations using the Ivanti Endpoint Manager Mobile (EPMM) software, followed by a security advisory update on 28-July-2023.

Upon assessing the Appian platform against all details of the CVE, we can confirm that the Appian platform is not impacted by the vulnerability described in the Ivanti security advisory. We will continue to monitor the situation and provide any updates as appropriate.

Additional Notes:

The following CVE was released with additional information on the scope of the vulnerability:

CVE-2023-35078 (“Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability”)
CVE-2023-35081 (“Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability”)

Supporting Documentation:

• https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078
• https://www.cisa.gov/news-events/alerts/2023/07/28/ivanti-releases-security-updates-epmm-address-cve-2023-35081 
• https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability
• https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: August 22, 2023