VMware has patched five security flaws impacting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions.
Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All three are rated 9.8 on the CVSS vulnerability scoring system.
CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without needing to authenticate to the application.
CVE-2022-31686 has been described by the virtualization services provider as a “Broken Authentication Method” vulnerability, and CVE-2022-31687 as a “Broken Access Control” flaw.
“A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application,” VMware said in an advisory for CVE-2022-31686 and CVE-2022-31687.
Rounding off the patch is a session fixation vulnerability (CVE-2022-31689, CVSS score: 4.2) that VMware said is the result of improper handling of session tokens, adding “a malicious actor who obtains a valid session token may be able to authenticate to the application using that token.”
Security researchers Jasper Westerman, Jan van der Place, Yanick de Pater, and Harm Blankers of Netherlands-based Reqon have been credited with discovering and reporting the flaws.
All the issues impact versions 21.x and 22.x of VMware Workspace ONE Assist and have been fixed in version 22.10. The company also said there are no workarounds that address the weaknesses.