CVE-2022-31685

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VMware Workspace ONE Assist versions prior to 22.10

Description The issue is related to an Authentication Bypass, which can be exploited by a malicious actor with network access to Workspace ONE Assist, potentially allowing them to obtain administrative access without authenticating to the application. This is due to weaknesses in the authentication procedure.

Recommendations For versions prior to 22.10, update to version 22.10 or later to resolve the issue. As a temporary workaround, consider restricting network access to Workspace ONE Assist to minimize the risk of exploitation.

Fix

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

BDU:2022-07525

CVE-2022-31685

Affected Products

Vmware Workspace One Assist

CVE-2022-31685

Weakness Enumeration

Related Identifiers

Affected Products

References · 8