CVE-2022-31686 VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability

Workspace ONE does not suggest any action for users to take. In order to ensure the integrity of the Workspace ONE environment, a patch is being released to address this issue immediately. The patch will be installed via a scheduled update.

For those using Workspace ONE Assist prior to 22.10, the upgrade is recommended.
This issue has been assigned the identifier CVE-2019-5713.

VMware will release a patch for this issue. In order to ensure the integrity of the Workspace ONE environment, a patch is being released to address this issue immediately. The patch will be installed via a scheduled update.

Important Information

- VMware will issue a patch for this issue on 22/10/2019.
- The upgrade is recommended to users on Workspace ONE Assist prior to 22.10.

Symptoms of Workspace ONE Assist failing to suggest actions

Workspace ONE Assist does not suggest any actions.

If you are running an earlier version of Workspace ONE Assist and your system is failing to suggest actions, this may be a symptom of the issue described in CVE-2019-5713.

What is Workspace ONE?

Workspace ONE is a collaboration platform that enables virtual teams to work together on projects in real-time. Workspace ONE provides a modern, secure and simple-to-use platform for your business. It offers an online presence where teams can share ideas, plan events, create and share documents and data. The platform integrates with existing enterprise applications such as Microsoft Office 365 and Google Drive to maximize time spent collaborating and moving projects forward. When you use Workspace ONE, you are able to work better and smarter with colleagues across the globe.

The VMware System Center Operations Manager agent on Windows has a vulnerability that may allow remote code execution (CVE-2019-5713). This vulnerability impacts all versions of the System Center Operations Manager agent installed on Windows prior to 22.10 (the last version released).

VMware does not recommend any action for users to take in response to this issue. For customers using the Workplace ONE server prior to 22.10, this vulnerability impacts workloads that are hosted on it. However, VMware will release an update for these workloads soon after 22.10 is available via a scheduled update.

What to do if you are currently using Workspace ONE Assist

If you are currently using Workspace ONE Assist, the upgrade is recommended.

What is VMware Workspace ONE?

VMware Workspace ONE is the foundation for future virtualized, cloud-ready enterprise desktops. Its modular approach allows enterprises to deploy desktop management software that best fits their needs and ensures security and compliance. VMware Workspace ONE modules include Desktop Management, Endpoint Management, Security, Mobility, and Cloud Management.

Timeline

Published on: 11/09/2022 21:15:00 UTC
Last modified on: 11/10/2022 19:49:00 UTC

References

• https://www.vmware.com/security/advisories/VMSA-2022-0028.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31686