Security News > 2022 > November > VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions.
Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687.
CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without the need to authenticate to the application.
"A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application," VMware said in an advisory for CVE-2022-31686 and CVE-2022-31687.
Rounding off the patch is a session fixation vulnerability that VMware said is the result of improper handling of session tokens, adding "a malicious actor who obtains a valid session token may be able to authenticate to the application using that token."
All the issues impact versions 21.x and 22.x of VMware Workspace ONE Assist and have been fixed in version 22.10.
News URL
https://thehackernews.com/2022/11/vmware-warns-of-3-new-critical-flaws.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-09 | CVE-2022-31687 | Unspecified vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. | 9.8 |
| 2022-11-09 | CVE-2022-31686 | Unspecified vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. | 9.8 |
| 2022-11-09 | CVE-2022-31685 | Unspecified vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. | 9.8 |