Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31689 | 1 Vmware | 1 Workspace One Assist | 2022-11-10 | N/A | 9.8 CRITICAL |
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. | |||||
CVE-2022-31688 | 1 Vmware | 1 Workspace One Assist | 2022-11-10 | N/A | 6.1 MEDIUM |
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. | |||||
CVE-2022-31686 | 1 Vmware | 1 Workspace One Assist | 2022-11-10 | N/A | 9.8 CRITICAL |
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
CVE-2022-31687 | 1 Vmware | 1 Workspace One Assist | 2022-11-10 | N/A | 9.8 CRITICAL |
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
CVE-2022-31685 | 1 Vmware | 1 Workspace One Assist | 2022-11-10 | N/A | 9.8 CRITICAL |
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. |