Vmware Workspace One Assist vulnerabilities

CVE-2022-31686 [CRITICAL] CWE-287 CVE-2022-31686: VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

CVE-2022-31685 [CRITICAL] CWE-287 CVE-2022-31685: VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malici VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

CVE-2022-31687 [CRITICAL] CWE-284 CVE-2022-31687: VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicio VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

CVE-2022-31689 [CRITICAL] CWE-384 CVE-2022-31689: VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious ac VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

CVE-2022-31688 [MEDIUM] CWE-79 CVE-2022-31688: VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerabi VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.