https://community.appian.com/support/w/kb/3232/kb-2258-information-about-the-ivanti-epmm-security-advisory-cve-2023-35078-cve-2023-35081en-USTelligent Community 12https://community.appian.com/support/w/kb/3232/kb-2258-information-about-the-ivanti-epmm-security-advisory-cve-2023-35078-cve-2023-35081Tue, 22 Aug 2023 20:13:10 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:d6395d53-9f7c-462b-9007-6a2f8d7ebe18Elly Menghttps://community.appian.com/support/w/kb/3232/kb-2258-information-about-the-ivanti-epmm-security-advisory-cve-2023-35078-cve-2023-35081#commentsCurrent Revision posted to Appian Knowledge Base by Elly Meng on 8/22/2023 8:13:10 PM<br /> <p><span style="font-weight:400;">On 24-July-2023, Ivanti released a </span><a href="https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> for all organizations using the Ivanti Endpoint Manager Mobile (EPMM) software, followed by a </span><a href="https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">security advisory update</span></a><span style="font-weight:400;"> on 28-July-2023.</span></p> <p></p> <p><span style="font-weight:400;">Upon assessing the Appian platform against all details of the CVE, we can confirm that the Appian platform is not impacted by the vulnerability described in the Ivanti security advisory. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <p><strong>Additional Notes:</strong></p> <p><span style="font-weight:400;">The following CVE was released with additional information on the scope of the vulnerability:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-35078"><span style="font-weight:400;">CVE-2023-35078</span></a><span style="font-weight:400;"> (&ldquo;Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability&rdquo;)</span><span style="font-weight:400;"><br /></span><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-35081"><span style="font-weight:400;">CVE-2023-35081</span></a><span style="font-weight:400;"> (&ldquo;Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability&rdquo;)</span><span style="font-weight:400;"><br /></span><span style="font-weight:400;"><br /></span><strong>Supporting Documentation:</strong></p> <ul> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078</span></a></li> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2023/07/28/ivanti-releases-security-updates-epmm-address-cve-2023-35081"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2023/07/28/ivanti-releases-security-updates-epmm-address-cve-2023-35081</span></a><span style="font-weight:400;">&nbsp;</span></li> <li style="font-weight:400;"><a href="https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability</span></a></li> <li style="font-weight:400;"><a href="https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability</span></a></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <p></p> <p><span style="font-weight:400;">Last reviewed: August 22, 2023</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div> https://community.appian.com/support/w/kb/3232/kb-2258-information-about-the-ivanti-epmm-security-advisory-cve-2023-35078-cve-2023-35081/revision/2Tue, 22 Aug 2023 20:12:16 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:d6395d53-9f7c-462b-9007-6a2f8d7ebe18Elly Menghttps://community.appian.com/support/w/kb/3232/kb-2258-information-about-the-ivanti-epmm-security-advisory-cve-2023-35078-cve-2023-35081#commentsRevision 2 posted to Appian Knowledge Base by Elly Meng on 8/22/2023 8:12:16 PM<br /> <p><span style="font-weight:400;">On 24-July-2023, Ivanti released a </span><a href="https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> for all organizations using the Ivanti Endpoint Manager Mobile (EPMM) software, followed by a </span><a href="https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">security advisory update</span></a><span style="font-weight:400;"> on 28-July-2023.</span></p> <p></p> <p><span style="font-weight:400;">Upon assessing the Appian platform against all details of the CVE, we can confirm that the Appian platform is not impacted by the vulnerability described in the Ivanti security advisory. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <p><strong>Additional Notes:</strong></p> <p><span style="font-weight:400;">The following CVE was released with additional information on the scope of the vulnerability:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-35078"><span style="font-weight:400;">CVE-2023-35078</span></a><span style="font-weight:400;"> (&ldquo;Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability&rdquo;)</span><span style="font-weight:400;"><br /></span><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-35081"><span style="font-weight:400;">CVE-2023-35081</span></a><span style="font-weight:400;"> (&ldquo;Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability&rdquo;)</span><span style="font-weight:400;"><br /></span><span style="font-weight:400;"><br /></span><strong>Supporting Documentation:</strong></p> <ul> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078</span></a></li> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2023/07/28/ivanti-releases-security-updates-epmm-address-cve-2023-35081"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2023/07/28/ivanti-releases-security-updates-epmm-address-cve-2023-35081</span></a><span style="font-weight:400;">&nbsp;</span></li> <li style="font-weight:400;"><a href="https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability</span></a></li> <li style="font-weight:400;"><a href="https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability</span></a></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <p></p> <p><span style="font-weight:400;">Last reviewed: August 22, 2023</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div> https://community.appian.com/support/w/kb/3232/kb-2258-information-about-the-ivanti-epmm-security-advisory-cve-2023-35078-cve-2023-35081/revision/1Tue, 22 Aug 2023 20:10:41 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:d6395d53-9f7c-462b-9007-6a2f8d7ebe18Elly Menghttps://community.appian.com/support/w/kb/3232/kb-2258-information-about-the-ivanti-epmm-security-advisory-cve-2023-35078-cve-2023-35081#commentsRevision 1 posted to Appian Knowledge Base by Elly Meng on 8/22/2023 8:10:41 PM<br /> <p><span style="font-weight:400;">On 24-July-2023, Ivanti released a </span><a href="https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> for all organizations using the Ivanti Endpoint Manager Mobile (EPMM) software, followed by a </span><a href="https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">security advisory update</span></a><span style="font-weight:400;"> on 28-July-2023.</span></p> <p></p> <p><span style="font-weight:400;">Upon assessing the Appian platform against all details of the CVE, we can confirm that the Appian platform is not impacted by the vulnerability described in the Ivanti security advisory. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <p><strong>Additional Notes:</strong></p> <p><span style="font-weight:400;">The following CVE was released with additional information on the scope of the vulnerability:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-35078"><span style="font-weight:400;">CVE-2023-35078</span></a><span style="font-weight:400;"> (&ldquo;Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability&rdquo;)</span><span style="font-weight:400;"><br /></span><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-35081"><span style="font-weight:400;">CVE-2023-35081</span></a><span style="font-weight:400;"> (&ldquo;Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability&rdquo;)</span><span style="font-weight:400;"><br /></span><span style="font-weight:400;"><br /></span><strong>Supporting Documentation:</strong></p> <ul> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078</span></a></li> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2023/07/28/ivanti-releases-security-updates-epmm-address-cve-2023-35081"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2023/07/28/ivanti-releases-security-updates-epmm-address-cve-2023-35081</span></a><span style="font-weight:400;">&nbsp;</span></li> <li style="font-weight:400;"><a href="https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability</span></a></li> <li style="font-weight:400;"><a href="https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability"><span style="font-weight:400;">https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability</span></a></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <p></p> <p><span style="font-weight:400;">Last reviewed: August 22, 2023</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div>