VMware patches five vulnerabilities affecting Workspace ONE Assist

• VMware releases the patch for multiple vulnerabilities in VMware Workspace ONE Assist that were privately reported to VMware.
• Three of these vulnerabilities have a CVSSv3 score of 9.8, which is considered critical and there are no available workarounds.
• All of the vulnerabilities were reported by Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers of REQON IT-Security.

VMware published an advisory that urges Workspace ONE Assist users to install the latest version. According to the advisory, the latest version patches five vulnerabilities with CVSSv3 scores ranging from 4.2 to 9.8, thus three of them are critical. VMware stated that the vulnerabilities were privately reported to VMware.

No workarounds

According to the advisory, there are no known workarounds for the vulnerabilities that are affecting Workspace ONE Assist versions 21.x and 22.x. The vulnerabilities are fixed in version 22.10. The vulnerabilities were reported by Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers of REQON IT-Security.

• Authentication Bypass vulnerability (CVE-2022-31685): VMware Workspace ONE Assist contains an Authentication Bypass vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
• Broken Authentication Method vulnerability (CVE-2022-31686): VMware Workspace ONE Assist contains a Broken Authentication Method vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.
• Broken Access Control vulnerability (CVE-2022-31687): VMware Workspace ONE Assist contains a Broken Access Control vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.
• Reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688): VMware Workspace ONE Assist contains a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.4. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window.
• Session fixation vulnerability (CVE-2022-31689): VMware Workspace ONE Assist contains a session fixation vulnerability due to improper handling of session tokens. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.