9.8
CVSSv3

CVE-2022-31686

Published: 09/11/2022 Updated: 10/11/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vulnerability Summary

VMware Workspace ONE Assist before 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware workspace one assist

Github Repositories

CVE-2022-31686 VMware Workspace ONE Assist prior to 2210 contains a Broken Authentication Method vulnerability A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application authentication complexity vector not available not available not available confidentiality inte

Recent Articles

VMware warns of three critical holes in remote-control tool
The Register

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Anyone can pretend to be your Windows IT support and take command of staff devices

VMware has revealed a terrible trio of critical-rated flaws in Workspace ONE Assist for Windows – a product used by IT and help desk staff to remotely take over and manage employees' devices.
The flaws are all rated 9.8 out of 10 in CVSS severity. A miscreant able to reach a Workspace ONE Assist deployment, either over the internet or on the network, can exploit any of these three bugs to obtain administrative access without the need to authenticate. At which point the intruder or rogue ...