Vulnerabilities (CVE)

Filtered by vendor Vmware Subscribe
Filtered by product Workspace One Assist
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31689 1 Vmware 1 Workspace One Assist 2024-11-21 N/A 9.8 CRITICAL
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
CVE-2022-31688 1 Vmware 1 Workspace One Assist 2024-11-21 N/A 6.1 MEDIUM
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
CVE-2022-31687 1 Vmware 1 Workspace One Assist 2024-11-21 N/A 9.8 CRITICAL
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVE-2022-31686 1 Vmware 1 Workspace One Assist 2024-11-21 N/A 9.8 CRITICAL
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVE-2022-31685 1 Vmware 1 Workspace One Assist 2024-11-21 N/A 9.8 CRITICAL
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.