VMware released security updates to fix 3 critical vulnerabilities in their One Assist Software. A malicious actor with network access may be able to obtain administrator access without the need to authenticate.
Workspace One Assist is a real-time remote support software.
These flaws are being tracked as CVE-2022-31685 (Authentication Bypass Vulnerability), CVE-2022-31686 (Broken Authentication Method vulnerability), and CVE-2022-31687 (Broken Access Control vulnerability).
VMware patched several other vulnerabilities listed below along with the critical flaws above.
VMware released a patch to fix these issues with Workspace One Assist 22.10.