VMSA-2022-0028

Critical

Advisory ID: VMSA-2022-0028

CVSSv3 Range: 4.2-9.8

Issue Date: 2022-11-08

Updated On: 2022-11-08 (Initial Advisory)

CVE(s): CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689

Synopsis: VMware Workspace ONE Assist update addresses multiple vulnerabilities.

1. Impacted Products

VMware Workspace ONE Assist (Assist)

2. Introduction

Multiple vulnerabilities in VMware Workspace ONE Assist were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.

3a. Authentication Bypass vulnerability (CVE-2022-31685)

Description

VMware Workspace ONE Assist contains an Authentication Bypass vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Resolution

Fixes for CVE-2022-31685 are documented in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

Introducing Workspace ONE Assist 22.10 (89993).

Acknowledgements

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

Notes

None.

3b. Broken Authentication Method vulnerability (CVE-2022-31686)

Description

VMware Workspace ONE Assist contains a Broken Authentication Method vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.

Resolution

Fixes for CVE-2022-31686 are documented in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

Introducing Workspace ONE Assist 22.10 (89993).

Acknowledgements

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

Notes

None.

3c. Broken Access Control vulnerability (CVE-2022-31687)

Description

VMware Workspace ONE Assist contains a Broken Access Control vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application.

Resolution

Fixes for CVE-2022-31687 are documented in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

Introducing Workspace ONE Assist 22.10 (89993).

Acknowledgements

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

Notes

None.

3d. Reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688)

Description

VMware Workspace ONE Assist contains a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.4.

Known Attack Vectors

Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

Resolution

Fixes for CVE-2022-31688 are documented in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

Introducing Workspace ONE Assist 22.10 (89993).

Acknowledgements

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

Notes

None.

3e. Session fixation vulnerability (CVE-2022-31689)

Description

VMware Workspace ONE Assist contains a session fixation vulnerability due to improper handling of session tokens. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2.

Known Attack Vectors

A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

Resolution

Fixes for CVE-2022-31689 are documented in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

Introducing Workspace ONE Assist 22.10 (89993).

Acknowledgements

VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

Notes

None.

Response Matrix 3a, 3b, 3c, 3d, 3e:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
Assist Server(s)	21.x, 22.x	Windows	CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689	4.2 - 9.8	critical	22.10	None	KB89993
Assist for macOS	Any	macOS	CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689	N/A	N/A	Unaffected	N/A	N/A
Assist for Android	Any	Android	CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689	N/A	N/A	Unaffected	N/A	N/A
Assist for Windows Desktop (Formerly Windows 10 Desktop)	Any	Windows	CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689	N/A	N/A	Unaffected	N/A	N/A
Assist for Windows Mobile	Any	Windows Mobile	CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689	N/A	N/A	Unaffected	N/A	N/A
Assist for VMware Horizon - Windows 10 Agent	Any	Windows	CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689	N/A	N/A	Unaffected	N/A	N/A
Assist for Linux	Any	Linux	CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689	N/A	N/A	Unaffected	N/A	N/A