March 28, 2023

VMware released security updates for three critical vulnerabilities in its Workspace ONE Assist product, which allows IT and help desk staff to remotely support employees.

Workspace ONE Assist is a remote desktop product that’s mainly used by tech support to troubleshoot and fix IT issues for employees from afar; as such, it operates with the highest levels of privilege, potentially giving remote attackers an ideal initial access target and pivot point to other corporate resources.

Advertisements

Three of the vulnerabilities allowed a malicious actor with network access to Workspace ONE Assist to obtain administrative access without the need to authenticate to the application. The flaws are tracked as CVE-2022-31685 (authentication bypass vulnerability), CVE-2022-31686 (broken authentication method vulnerability), and CVE-2022-31687 (broken access control vulnerability).

Also fixed in the security update for Workspace ONE Assist were two moderate vulnerabilities. One a reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688), and the other a session fixation vulnerability due to improper handling of session tokens (CVE-2022-31689).

Users should update to version 22.10 of Workspace ONE Assist to patch all of the most recently disclosed problems.

Tags:

Leave a Reply

You may have missed

Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
%d bloggers like this: