Home Security VMware Warns of three New Important Flaws Affecting Workspace ONE Help Software program

VMware Warns of three New Important Flaws Affecting Workspace ONE Help Software program

by crpt os


VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions.

Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system.

CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without the need to authenticate to the application.

CVE-2022-31686 has been described by the virtualization services provider as a “broken authentication method” vulnerability, and CVE-2022-31687 as a “Broken Access Control” flaw.

“A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application,” VMware said in an advisory for CVE-2022-31686 and CVE-2022-31687.

Another vulnerability is a case of a reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688, CVSS score: 6.4) stemming from improper user input sanitization, something that could be exploited to inject arbitrary JavaScript code in the target user’s window.

CyberSecurity

Rounding off the patch is a session fixation vulnerability (CVE-2022-31689, CVSS score: 4.2) that VMware said is the result of improper handling of session tokens, adding “a malicious actor who obtains a valid session token may be able to authenticate to the application using that token.”

Security researchers Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers of Netherlands-based Reqon have been credited with discovering and reporting the flaws.

All the issues impact versions 21.x and 22.x of VMware Workspace ONE Assist and have been fixed in version 22.10. The company also said there are no workarounds that address the weaknesses.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex