PT-2022-5796 · Vmware · Vmware Workspace One Assist

Published

2022-11-08

Updated

2023-08-08

CVE-2022-31686

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VMware Workspace ONE Assist versions prior to 22.10

Description The issue is related to insufficient authentication procedure in VMware Workspace ONE Assist, allowing a remote attacker to elevate their privileges. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without authenticating to the application.

Recommendations For versions prior to 22.10, update to version 22.10 or later to resolve the issue. As a temporary workaround, consider restricting network access to Workspace ONE Assist to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2022-07196

CVE-2022-31686

Affected Products

Vmware Workspace One Assist

PT-2022-5796 · Vmware · Vmware Workspace One Assist

CVE-2022-31686

Weakness Enumeration

Related Identifiers

Affected Products

References · 8