KB-2295 Information about the ConnectWise ScreenConnect security advisory (CVE-2024-1708 & CVE-2024-1709)

Kevin Kleinegger — Tue, 27 Feb 2024 22:11:56 GMT

Current Revision posted to Appian Knowledge Base by Kevin Kleinegger on 2/27/2024 10:11:56 PM

On 19-Feb-2024, ConnectWise released a security advisory for all organizations using their ScreenConnect software on-premises offering for versions 23.9.7 and prior for a remote code execution vulnerability. Additionally, one of the described vulnerabilities was added to CISA’s Known Exploited Vulnerability catalog on 22-Feb-2024.

Upon assessing the Appian platform against all details of the CVE, we can confirm that the Appian platform is not impacted by the vulnerabilities described in the ConnectWise security advisory. We will continue to monitor the situation and provide any updates as appropriate.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

CVE-2024-1708 (“Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')”)
CVE-2024-1709 (“ConnectWise ScreenConnect Authentication Bypass Vulnerability”)

Supporting Documentation

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: Feb 26, 2024

Tags: Security

KB-2294 Information about the ConnectWise ScreenConnect security advisory (CVE-2024-1708 & CVE-2024-1709)

Kevin Kleinegger — Tue, 27 Feb 2024 22:11:36 GMT

Revision 3 posted to Appian Knowledge Base by Kevin Kleinegger on 2/27/2024 10:11:36 PM

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

CVE-2024-1708 (“Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')”)
CVE-2024-1709 (“ConnectWise ScreenConnect Authentication Bypass Vulnerability”)

Supporting Documentation

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: Feb 26, 2024

Tags: Security

DRAFT KB-2294 Information about the ConnectWise ScreenConnect security advisory (CVE-2024-1708 & CVE-2024-1709)

Kevin Kleinegger — Tue, 27 Feb 2024 22:10:15 GMT

Revision 2 posted to Appian Knowledge Base by Kevin Kleinegger on 2/27/2024 10:10:15 PM

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

CVE-2024-1708 (“Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')”)
CVE-2024-1709 (“ConnectWise ScreenConnect Authentication Bypass Vulnerability”)

Supporting Documentation

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: Feb 26, 2024

Tags: Security

DRAFT KB-2294 Information about the ConnectWise ScreenConnect security advisory (CVE-2024-1708 & CVE-2024-1709)

Kevin Kleinegger — Tue, 27 Feb 2024 22:09:54 GMT

Revision 1 posted to Appian Knowledge Base by Kevin Kleinegger on 2/27/2024 10:09:54 PM

Additional Notes:

The following CVEs were released with additional information on the scope of the vulnerability:

CVE-2024-1708 (“Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')”)
CVE-2024-1709 (“ConnectWise ScreenConnect Authentication Bypass Vulnerability”)

Supporting Documentation:

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: Feb 26, 2024