CVE-2022-31688

Name of the Vulnerable Software and Affected Versions VMware Workspace ONE Assist versions prior to 22.10

Description The issue arises from improper user input sanitization, allowing a malicious actor with some user interaction to inject javascript code in the target user's window, thus enabling a reflected cross-site scripting (XSS) attack. This could potentially be exploited by a remote attacker to conduct an XSS attack.

Recommendations For versions prior to 22.10, update to version 22.10 or later to resolve the issue. As a temporary workaround, consider restricting user interaction with potentially malicious inputs until a patch is applied.