VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

Teilen:

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions.

Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system.

CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without the need to authenticate to the application.

CVE-2022-31686 has been described by the virtualization services provider as a “broken authentication method” vulnerability, and CVE-2022-31687 as a “Broken Access Control” flaw.

“A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application,” VMware said in an advisory for CVE-2022-31686 and CVE-2022-31687.

Another vulnerability is a case of a reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688, CVSS score: 6.4) stemming from improper user input sanitization, something that could be exploited to inject arbitrary JavaScript code in the target user’s window.

 

Rounding off the patch is a session fixation vulnerability (CVE-2022-31689, CVSS score: 4.2) that VMware said is the result of improper handling of session tokens, adding “a malicious actor who obtains a valid session token may be able to authenticate to the application using that token.”

Security researchers Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers of Netherlands-based Reqon have been credited with discovering and reporting the flaws.

All the issues impact versions 21.x and 22.x of VMware Workspace ONE Assist and have been fixed in version 22.10. The company also said there are no workarounds that address the weaknesses.

https://thehackernews.com/2022/11/vmware-warns-of-3-new-critical-flaws.html

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
4:08 am, Juni 23, 2025
Wetter-Symbol 18°C
L: 17° | H: 18°
broken clouds
Luftfeuchtigkeit: 78 %
Druck: 1010 mb
Wind: 15 mph WSW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 75%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:43 am
Sonnenuntergang: 9:21 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
17° | 18°°C 0.2 mm 20% 14 mph 76 % 1016 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
13° | 22°°C 0.2 mm 20% 13 mph 80 % 1016 mb 0 mm/h
Mi. Juni 25 10:00 pm
Wetter-Symbol
16° | 27°°C 0 mm 0% 9 mph 86 % 1014 mb 0 mm/h
Do. Juni 26 10:00 pm
Wetter-Symbol
18° | 26°°C 0.48 mm 48% 14 mph 84 % 1016 mb 0 mm/h
Fr. Juni 27 10:00 pm
Wetter-Symbol
17° | 28°°C 0 mm 0% 16 mph 72 % 1019 mb 0 mm/h
Today 7:00 am
Wetter-Symbol
16° | 17°°C 0.2 mm 20% 13 mph 76 % 1011 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
18° | 19°°C 0 mm 0% 12 mph 54 % 1013 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 12 mph 34 % 1014 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
21° | 21°°C 0 mm 0% 14 mph 32 % 1014 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 13 mph 39 % 1014 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
17° | 17°°C 0 mm 0% 10 mph 53 % 1016 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
14° | 14°°C 0 mm 0% 8 mph 69 % 1016 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
13° | 13°°C 0 mm 0% 8 mph 80 % 1015 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€88,162.20
-1.05%
Ethereum(ETH)
€1,949.66
-1.17%
Fesseln(USDT)
€0.87
0.00%
XRP(XRP)
€1.76
-1.97%
Solana(SOL)
€115.61
-1.37%
USDC(USDC)
€0.87
0.00%
Dogecoin(DOGE)
€0.132766
-1.07%
Shiba Inu(SHIB)
€0.000010
-1.51%
Pepe(PEPE)
€0.000008
-4.03%
Peanut das Eichhörnchen(PNUT)
€0.218896
13.10%
Nach oben scrollen