VMware has patched five security flaws impacting its Workspace A single Guide remedy, some of which could be exploited to bypass authentication and get elevated permissions.
Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring technique.
CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace One Assist to obtain administrative obtain without the need to have to authenticate to the software.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
CVE-2022-31686 has been explained by the virtualization companies company as a “broken authentication strategy” vulnerability, and CVE-2022-31687 as a “Damaged Entry Control” flaw.
“A malicious actor with network accessibility may possibly be able to get hold of administrative accessibility without the need of the require to authenticate to the software,” VMware stated in an advisory for CVE-2022-31686 and CVE-2022-31687.
An additional vulnerability is a circumstance of a reflected cross-web site scripting (XSS) vulnerability (CVE-2022-31688, CVSS rating: 6.4) stemming from incorrect person enter sanitization, a thing that could be exploited to inject arbitrary JavaScript code in the target user’s window.
Rounding off the patch is a session fixation vulnerability (CVE-2022-31689, CVSS score: 4.2) that VMware explained is the end result of incorrect managing of session tokens, incorporating “a destructive actor who obtains a valid session token may possibly be equipped to authenticate to the application utilizing that token.”
Security scientists Jasper Westerman, Jan van der Place, Yanick de Pater, and Harm Blankers of Netherlands-primarily based Reqon have been credited with getting and reporting the flaws.
All the issues impression variations 21.x and 22.x of VMware Workspace Just one Support and have been mounted in version 22.10. The business also said there are no workarounds that tackle the weaknesses.
Located this write-up interesting? Stick to THN on Facebook, Twitter and LinkedIn to study much more unique content we write-up.
Some sections of this article are sourced from:
thehackernews.com
Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days