5 matches found
CVE-2022-31685
VMware Workspace ONE Assist contains CVE-2022-31685, an authentication bypass vulnerability in versions prior to 22.10. Affected component: Workspace ONE Assist server. Root cause: authentication bypass allows a network-adjacent attacker to obtain administrative access without authenticating. Imp...
CVE-2022-31687
VMware Workspace ONE Assist (VMware) before version 22.10 is affected by a Broken Access Control vulnerability (CVE-2022-31687). Affected component: Workspace ONE Assist server. Root cause: improper access control could allow a malicious actor with network access to obtain administrative privileg...
CVE-2022-31686
CVE-2022-31686 affects VMware Workspace ONE Assist prior to version 22.10. The issue is a Broken Authentication Method that could allow an attacker with network access to obtain administrative privileges without authenticating to the application. Impact is described as high (admin access, full co...
CVE-2022-31688
CVE-2022-31688 affects VMware Workspace ONE Assist prior to version 22.10. The vulnerability is a reflected cross-site scripting (XSS) flaw caused by improper sanitization of user input, enabling a malicious actor who has some user interaction to inject JavaScript into the target user’s window. T...
CVE-2022-31689
CVE-2022-31689 describes a session fixation flaw in VMware Workspace ONE Assist prior to version 22.10. A malicious actor with a valid session token could authenticate to the application using that token. Public documents confirm affected versions include 21.x and 22.x, with the issue fixed in 22...