VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which can be abused to bypass authentication and gain elevated permissions.

Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All three shortcomings are rated 9.8 on the CVSS vulnerability scoring system.

CVE-2022-31685 is an authentication bypass flaw that can be exploited by an attacker with network access to VMware Workspace ONE Assist to gain administrative access to the application without requiring authentication.

The virtualization service provider describes CVE-2022-31686 as a “broken authentication method” vulnerability and CVE-2022-31687 as a “broken access control” vulnerability.

“A malicious actor with network access could gain administrative access without requiring authentication to the application,” VMware said in advisories for CVE-2022-31686 and CVE-2022-31687.

Another vulnerability, a reflected cross-site scripting (XSS) flaw (CVE-2022-31688, CVSS score: 6.4), is due to improper sanitization of user input and can be exploited to inject arbitrary JavaScript code into the target user’s window.
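The XSS entry above gives the root cause (user input reflected into a page without sanitization) but no code. The following added example, which is not from VMware or the original article, shows a hypothetical greeting endpoint that reflects a `user` query parameter, first without any encoding and then with HTML entity encoding applied, plus a small check that a reviewer or regression test can run to confirm the untrusted value no longer reaches the page verbatim. The endpoint, parameter name and sample query string are all constructed for illustration.

```python
import html
from urllib.parse import parse_qs

# Constructed sample query string: a user-controlled "user" parameter carrying
# markup. This is a textbook probe value used here only to show the difference
# between the two rendering paths below.
SAMPLE_QUERY = "user=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def _param(query: str, name: str) -> str:
    """Return the first value of a query-string parameter (empty if absent)."""
    return parse_qs(query).get(name, [""])[0]


def greeting_vulnerable(query: str) -> str:
    """Reflects the parameter straight into the HTML response.

    Anything the request supplies, including tags, becomes part of the page,
    which is the 'improper sanitization of user input' pattern.
    """
    user = _param(query, "user")
    return f"<p>Welcome back, {user}!</p>"


def greeting_hardened(query: str) -> str:
    """Same response, but the value is entity-encoded for an HTML text context.

    html.escape turns <, >, &, and (with quote=True) quotes into entities, so
    the browser renders the characters instead of parsing them as markup.
    Output encoding must match the context; this form is for element text.
    """
    user = _param(query, "user")
    return f"<p>Welcome back, {html.escape(user, quote=True)}!</p>"


def reflects_raw_value(response: str, query: str) -> bool:
    """Regression check: does the decoded untrusted value appear unmodified?

    A true result means the response would interpret request-supplied markup.
    """
    return _param(query, "user") in response


if __name__ == "__main__":
    for render in (greeting_vulnerable, greeting_hardened):
        body = render(SAMPLE_QUERY)
        print(f"{render.__name__}: {body}")
        print("  reflects raw value:", reflects_raw_value(body, SAMPLE_QUERY))
```

The check is deliberately simple: it flags only exact reflection of the decoded value, which is enough to catch the unencoded path in a unit test but is not a substitute for context-aware encoding in the templating layer.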


Rounding out the patches is a session fixation vulnerability (CVE-2022-31689, CVSS score: 4.2) that is the result of improper handling of session tokens, VMware said, stating that “a malicious actor who has obtained a valid may be able to authenticate the application using
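The session fixation item above names the cause (improper handling of session tokens) without showing what that looks like in code. The following added example, not taken from VMware or the article, contrasts two login routines over a toy in-memory session store: one that upgrades the pre-authentication session in place, so a token that existed before login is authenticated afterwards, and one that discards that token and issues a fresh one bound to the authenticated user. The store, user table, credentials and function names are all constructed for illustration and say nothing about how Workspace ONE Assist is implemented.

```python
import secrets

# Constructed user table; the password is a placeholder, not a real credential.
USERS = {"alice": "correct-horse-battery-staple"}


def check_password(user: str, password: str) -> bool:
    """Constant-time comparison against the stored (plaintext, toy) password."""
    expected = USERS.get(user)
    return expected is not None and secrets.compare_digest(expected, password)


class SessionStore:
    """Toy session store: token -> {"user": name or None}."""

    def __init__(self) -> None:
        self._sessions: dict[str, dict] = {}

    def create(self) -> str:
        """Issue an anonymous (pre-authentication) session token."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": None}
        return token

    def user_for(self, token: str):
        """Return the user bound to a token, or None if anonymous/unknown."""
        session = self._sessions.get(token)
        return session["user"] if session else None

    def login_vulnerable(self, token: str, user: str, password: str) -> str:
        """Fixation-prone: keeps the same token and marks it authenticated.

        Any party that already knows `token` from before the login now holds
        an authenticated session for `user`.
        """
        if token not in self._sessions or not check_password(user, password):
            raise PermissionError("unknown session or bad credentials")
        self._sessions[token]["user"] = user
        return token

    def login_hardened(self, token: str, user: str, password: str) -> str:
        """Rotates the session identifier at the privilege boundary.

        The pre-authentication token is invalidated and a fresh token is bound
        to the user, so a token obtained before login is useless after it.
        """
        if not check_password(user, password):
            raise PermissionError("bad credentials")
        self._sessions.pop(token, None)
        new_token = secrets.token_urlsafe(32)
        self._sessions[new_token] = {"user": user}
        return new_token


def demo(hardened: bool):
    """Log in with a pre-existing token; report who the old and new tokens map to."""
    store = SessionStore()
    pre_auth = store.create()
    login = store.login_hardened if hardened else store.login_vulnerable
    post_auth = login(pre_auth, "alice", USERS["alice"])
    return store.user_for(pre_auth), store.user_for(post_auth)


if __name__ == "__main__":
    print("vulnerable (old token, new token):", demo(hardened=False))
    print("hardened   (old token, new token):", demo(hardened=True))
```

The rotation in `login_hardened` is the standard mitigation: regenerate the identifier whenever the session's privilege level changes, and make sure the old identifier is removed from the store rather than merely left unreferenced.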

Dutch-based Reqon security researchers Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers are credited with discovering and reporting the flaws.

All issues affect VMware Workspace ONE Assist versions 21.x and 22.x and are fixed in version 22.10. The company also said there is no workaround to address the weaknesses.

Copyright © All rights reserved. | Blue Training Academy Blog