On 08-Dec-2024, the U.S. Department of the Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to the Department’s systems by way of a compromised key. A flaw in BeyondTrust’s Remote Support product was later identified, with the accompanying CVE included in CISA’s Known Exploited Vulnerability Catalog.
Appian does not use any products by BeyondTrust and is not impacted by any related CVEs. We will continue to monitor the situation and provide any updates as appropriate.
The following CVE was released with additional information on the scope of the vulnerability:
This article applies to all supported versions of Appian.
Last reviewed: January 3, 2025