Critical Vulnerabilities in VMware Workspace ONE Assist

Published on 09 Nov 2022

Updated on 09 Nov 2022

VMware has released security updates to address three critical vulnerabilities (CVE-2022-31685, CVE-2022-31686, CVE-2022-31687) in their VMware Workspace ONE Assist product. The three vulnerabilities each have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of any one of these three vulnerabilities could allow an attacker with network access to obtain administrative access without the need to authenticate to the application.

VMware Workspace ONE Assist versions 21.x and 22.x are affected by these vulnerabilities. Administrators and users of the affected product versions are advised to upgrade to the latest version immediately.

More information is available here: