KB-2286 Information about the Ivanti Connect Secure and Ivanti Policy Secure security advisories (CVE-2024-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893)

Kevin Kleinegger — Tue, 06 Feb 2024 23:05:17 GMT

Current Revision posted to Appian Knowledge Base by Kevin Kleinegger on 2/6/2024 11:05:17 PM

On 10-Jan-2024, Ivanti released a security advisory for all organizations using the Ivanti Connect Secure and Ivanti Policy Secure software. On 12-Jan-2024, CISA released a security advisory, noting that the vulnerabilities identified in the vulnerable Ivanti products have been exploited in the wild. This was followed by a CISA emergency directive on 19-Jan-2024.

Upon assessing the Appian platform against all details of the CVE, we can confirm that the Appian platform is not impacted by the vulnerabilities described in the Ivanti security advisory. We will continue to monitor the situation and provide any updates as appropriate.

Additional Notes

The following CVE was released with additional information on the scope of the vulnerability:

CVE-2024-46805 (“Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability”)
CVE-2024-21887 (“Ivanti Connect Secure and Policy Secure Command Injection Vulnerability”)
CVE-2024-21888 (“Ivanti Connect Secure and Ivanti Policy Secure privilege escalation vulnerability”)
CVE-2024-21893 (“Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery vulnerability”)

Supporting Documentation

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: February 7, 2024

Tags: Security

KB-2286 Information about the Ivanti Connect Secure and Ivanti Policy Secure security advisories (CVE-2024-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893)

Kevin Kleinegger — Tue, 06 Feb 2024 23:05:00 GMT

Revision 3 posted to Appian Knowledge Base by Kevin Kleinegger on 2/6/2024 11:05:00 PM

Additional Notes

The following CVE was released with additional information on the scope of the vulnerability:

CVE-2024-46805 (“Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability”)
CVE-2024-21887 (“Ivanti Connect Secure and Policy Secure Command Injection Vulnerability”)
CVE-2024-21888 (“Ivanti Connect Secure and Ivanti Policy Secure privilege escalation vulnerability”)
CVE-2024-21893 (“Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery vulnerability”)

Supporting Documentation

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: January 22, 2024

Tags: Security

KB-2286 Information about the Ivanti Connect Secure and Ivanti Policy Secure security advisories (CVE-2024-46805, CVE-2024-21887)

Maggie Deppe-Walker — Mon, 22 Jan 2024 23:27:16 GMT

Revision 2 posted to Appian Knowledge Base by Maggie Deppe-Walker on 1/22/2024 11:27:16 PM

Additional Notes

The following CVE was released with additional information on the scope of the vulnerability:

CVE-2024-46805 (“Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability”)
CVE-2024-21887 (“Ivanti Connect Secure and Policy Secure Command Injection Vulnerability”)

Supporting Documentation

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: January 22, 2024

Tags: Security

KB-2286

Maggie Deppe-Walker — Mon, 22 Jan 2024 23:25:58 GMT

Revision 1 posted to Appian Knowledge Base by Maggie Deppe-Walker on 1/22/2024 11:25:58 PM

Additional Notes

The following CVE was released with additional information on the scope of the vulnerability:

CVE-2024-46805 (“Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability”)
CVE-2024-21887 (“Ivanti Connect Secure and Policy Secure Command Injection Vulnerability”)

Supporting Documentation

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: January 22, 2024