CVE-2020-3940

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

CVE-2022-22944

VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.