CVE-2022-31687 VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability

CVE-2022-31687 VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability

Access control for Workspace ONE Assist is provided through the use of roles. Roles are assigned to users and provide the ability to restrict their ability to perform certain actions. When a user is added to a role, they are prevented from accessing all features of Workspace ONE Assist. A malicious user may be able to circumvent these restrictions and access features of Workspace ONE Assist not accessible to regular users.
If you have installed VMware Workspace ONE Assist prior to 22.10, it is recommended that you upgrade to the latest version as soon as possible.

VMWare Workspace ONE Assist - What is it and how does it work?

Workspace ONE Assist is a unified endpoint management offering that provides granular access control for users. It allows organizations to centrally manage endpoints, including physical and virtual desktops, laptops and tablets. By using Workspace ONE Assist, an organization can better protect sensitive information by limiting access to only those who are authorized.
In addition to restricting access, Workspace ONE Assist provides integrated support for IT security tools such as antivirus software, identity management and auditing. It also features asset discovery so administrators can easily track the location of devices on a network.

VMWARE T&M WORKAROUND

If you have installed VMware Workspace ONE Assist before 22.10, it is recommended that you upgrade to the latest version as soon as possible. In order to do this, you must update your VMware vCenter Server custom settings.
To update your vCenter Server custom settings:

How to upgrade to the latest version of VMware Workspace ONE Assist

To upgrade to the latest version of VMware Workspace ONE Assist, please follow these steps:
1. Log in to your VMware account at https://my.vmware.com/web/vmware/account
2. Click on Security and Compliance > Software Updates > Manage Software Updates
3. Update Workspace ONE Assist for vCenter Server Appliance

Installing VMware Workspace ONE Assist 22.10

VMware Workspace ONE Assist 22.10 provides access to the following new features:
- SOP-3 with OneNote Integration
- Ability to import and export User roles
- Automatically update the Role Service to avoid any potential issues
- Add more interfaces for role services such as vSphere, vRealize Operations, etc.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe