Jetzt Ausprobieren

VMware Workspace ONE Assist Vulnerability Audit

Security Software Vulnerability

Find Devices Potentially Vulnerable To CVE-2022-31685 and more!

VMware Workspace ONE Assist allows VMware Workspace ONE UEM administrators to remotely access and troubleshoot devices in real time. VMware released new updates recently to combat five new vulnerabilities:
  • Authentication Bypass vulnerability (CVE-2022-31685)
  • Broken Authentication Method vulnerability (CVE-2022-31686)
  • Broken Access Control vulnerability (CVE-2022-31687)
  • Reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688)
  • Session fixation vulnerability (CVE-2022-31689)
The report below shows an overview of all devices that contain a VMware Workspace ONE Assist installation that is vulnerable and has not yet been updated to version 22.10.

VMware Workspace ONE Assist example

Run our VMware Workspace ONE Assist Vulnerability Query

Select distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
Case
When tblSoftwareUni.softwareName Like '%Workspace ONE Assist%' Then '22.10 or higher'
End As [Fixed Version],
tblSoftwareUni.SoftwarePublisher As Publisher,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where ((tblSoftwareUni.softwareName Like '%Workspace ONE Assist%' And
Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 21) Or
(tblSoftwareUni.softwareName Like '%Workspace ONE Assist%' And
Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 22 And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) < 10))
UNION
Select distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblMacApplications.Version As Version,
Case
When tblSoftwareUni.softwareName = 'Assist' Then '22.10 or higher'
End As [Fixed Version],
tblSoftwareUni.SoftwarePublisher As Publisher,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblMacApplications On tblAssets.AssetID = tblMacApplications.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblMacApplications.softid
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where ((tblSoftwareUni.softwareName = 'Assist' And
Cast(ParseName(tblMacApplications.Version, 2) As bigint) = 21) Or
(tblSoftwareUni.softwareName = 'Assist' And
Cast(ParseName(tblMacApplications.Version, 2) As bigint) = 22 And
Cast(ParseName(tblMacApplications.Version, 1) As bigint) < 10))

Show

Hide