Headline
CVE-2022-31689: VMSA-2022-0028
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
Advisory ID: VMSA-2022-0028
CVSSv3 Range: 4.2-9.8
Issue Date: 2022-11-08
Updated On: 2022-11-08 (Initial Advisory)
CVE(s): CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689
Synopsis: VMware Workspace ONE Assist update addresses multiple vulnerabilities.
****1. Impacted Products****
- VMware Workspace ONE Assist (Assist)
****2. Introduction****
Multiple vulnerabilities in VMware Workspace ONE Assist were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.
****3a. Authentication Bypass vulnerability (CVE-2022-31685)****
VMware Workspace ONE Assist contains an Authentication Bypass vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Fixes for CVE-2022-31685 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.
****3b. Broken Authentication Method vulnerability (CVE-2022-31686)****
VMware Workspace ONE Assist contains a Broken Authentication Method vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.
Fixes for CVE-2022-31686 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.
****3c. Broken Access Control vulnerability (CVE-2022-31687)****
VMware Workspace ONE Assist contains a Broken Access Control vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.
Fixes for CVE-2022-31687 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.
****3d. Reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688)****
VMware Workspace ONE Assist contains a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.4.
Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window.
Fixes for CVE-2022-31688 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.
****3e. Session fixation vulnerability (CVE-2022-31689)****
VMware Workspace ONE Assist contains a session fixation vulnerability due to improper handling of session tokens. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2.
A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
Fixes for CVE-2022-31689 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.
Response Matrix 3a, 3b, 3c, 3d, 3e:
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
Assist Server(s)
21.x, 22.x
Windows
CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689
4.2 - 9.8
critical
22.10
None
KB89993
Assist for macOS
Any
macOS
CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689
N/A
N/A
Unaffected
N/A
N/A
Assist for Android
Any
Android
CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689
N/A
N/A
Unaffected
N/A
N/A
Assist for Windows Desktop (Formerly Windows 10 Desktop)
Any
Windows
CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689
N/A
N/A
Unaffected
N/A
N/A
Assist for Windows Mobile
Any
Windows Mobile
CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689
N/A
N/A
Unaffected
N/A
N/A
Assist for VMware Horizon - Windows 10 Agent
Any
Windows
CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689
N/A
N/A
Unaffected
N/A
N/A
Assist for Linux
Any
Linux
CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689
N/A
N/A
Unaffected
N/A
N/A
****4. References****
****5. Change Log****
2022-11-08: VMSA-2022-0028
Initial security advisory.
****6. Contact****
Related news
Plus: Major patches dropped this month for Chrome, Firefox, VMware, Cisco, Citrix, and SAP.
Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers.
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an