Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-31689: VMSA-2022-0028

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

CVE
#xss#vulnerability#android#mac#windows#linux#java#vmware#auth

Advisory ID: VMSA-2022-0028

CVSSv3 Range: 4.2-9.8

Issue Date: 2022-11-08

Updated On: 2022-11-08 (Initial Advisory)

CVE(s): CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

Synopsis: VMware Workspace ONE Assist update addresses multiple vulnerabilities.

****1. Impacted Products****

  • VMware Workspace ONE Assist (Assist)

****2. Introduction****

Multiple vulnerabilities in VMware Workspace ONE Assist were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.

****3a. Authentication Bypass vulnerability (CVE-2022-31685)****

VMware Workspace ONE Assist contains an Authentication Bypass vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Fixes for CVE-2022-31685 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

****3b. Broken Authentication Method vulnerability (CVE-2022-31686)****

VMware Workspace ONE Assist contains a Broken Authentication Method vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.

Fixes for CVE-2022-31686 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

****3c. Broken Access Control vulnerability (CVE-2022-31687)****

VMware Workspace ONE Assist contains a Broken Access Control vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.

Fixes for CVE-2022-31687 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

****3d. Reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688)****

VMware Workspace ONE Assist contains a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.4.

Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window.

Fixes for CVE-2022-31688 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

****3e. Session fixation vulnerability (CVE-2022-31689)****

VMware Workspace ONE Assist contains a session fixation vulnerability due to improper handling of session tokens. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2.

A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

Fixes for CVE-2022-31689 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

Response Matrix 3a, 3b, 3c, 3d, 3e:

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Assist Server(s)

21.x, 22.x

Windows

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

4.2 - 9.8

critical

22.10

None

KB89993

Assist for macOS

Any

macOS

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for Android

Any

Android

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for Windows Desktop (Formerly Windows 10 Desktop)

Any

Windows

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for Windows Mobile

Any

Windows Mobile

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for VMware Horizon - Windows 10 Agent

Any

Windows

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

Assist for Linux

Any

Linux

CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

N/A

N/A

Unaffected

N/A

N/A

****4. References****

****5. Change Log****

2022-11-08: VMSA-2022-0028
Initial security advisory.

****6. Contact****

Related news

Drop What You're Doing and Update iOS, Android, and Windows

Plus: Major patches dropped this month for Chrome, Firefox, VMware, Cisco, Citrix, and SAP.

Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover

Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers.

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907