CVE-2022-31685

2022-11-0921:15:15

vmware

web.nvd.nist.gov

vmware

workspace one assist

cve-2022-31685

authentication bypass

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

53.0%

JSON

VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Affected configurations

Nvd

Node

vmwareworkspace_one_assistRange<22.10

VendorProductVersionCPE
vmwareworkspace_one_assist*cpe:2.3:a:vmware:workspace_one_assist:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	workspace_one_assist	*	cpe:2.3:a:vmware:workspace_one_assist::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "VMware Workspace ONE Assist",
    "versions": [
      {
        "version": "VMware Workspace ONE Assist prior to 22.10",
        "status": "affected"
      }
    ]
  }
]