Find Devices Potentially Vulnerable To CVE-2022-31685 and more!
VMware Workspace ONE Assist allows VMware Workspace ONE UEM administrators to remotely access and troubleshoot devices in real time. VMware released new updates recently to combat five new vulnerabilities:
- Authentication Bypass vulnerability (CVE-2022-31685)
- Broken Authentication Method vulnerability (CVE-2022-31686)
- Broken Access Control vulnerability (CVE-2022-31687)
- Reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688)
- Session fixation vulnerability (CVE-2022-31689)
The report below shows an overview of all devices that contain a VMware Workspace ONE Assist installation that is vulnerable and has not yet been updated to version 22.10.
Run our VMware Workspace ONE Assist Vulnerability Query
Select distinct Top 1000000 tblAssets.AssetID, tblAssets.AssetName, tblAssets.Domain, tsysAssetTypes.AssetTypename As AssetType, tblAssets.Username, tblAssets.Userdomain, tsysAssetTypes.AssetTypeIcon10 As icon, tblAssets.IPAddress, tblSoftwareUni.softwareName As Software, tblSoftware.softwareVersion As Version, Case When tblSoftwareUni.softwareName Like '%Workspace ONE Assist%' Then '22.10 or higher' End As [Fixed Version], tblSoftwareUni.SoftwarePublisher As Publisher, tsysIPLocations.IPLocation, tblAssetCustom.Manufacturer, tblAssetCustom.Model, tsysOS.OSname As OS, tblAssets.SP, Case When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != '' Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg Else '' End As ScanningErrors, tblAssets.Lastseen, tblAssets.Lasttried From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID Inner Join tblState On tblState.State = tblAssetCustom.State Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID Left Join tsysOS On tsysOS.OScode = tblAssets.OScode Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID, Max(tblErrors.Teller) As ErrorID From tblErrors Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID = ScanningError.ID Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType Where ((tblSoftwareUni.softwareName Like '%Workspace ONE Assist%' And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 21) Or (tblSoftwareUni.softwareName Like '%Workspace ONE Assist%' And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 22 And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) < 10)) UNION Select distinct Top 1000000 tblAssets.AssetID, tblAssets.AssetName, tblAssets.Domain, tsysAssetTypes.AssetTypename As AssetType, tblAssets.Username, tblAssets.Userdomain, tsysAssetTypes.AssetTypeIcon10 As icon, tblAssets.IPAddress, tblSoftwareUni.softwareName As Software, tblMacApplications.Version As Version, Case When tblSoftwareUni.softwareName = 'Assist' Then '22.10 or higher' End As [Fixed Version], tblSoftwareUni.SoftwarePublisher As Publisher, tsysIPLocations.IPLocation, tblAssetCustom.Manufacturer, tblAssetCustom.Model, tsysOS.OSname As OS, tblAssets.SP, Case When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != '' Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg Else '' End As ScanningErrors, tblAssets.Lastseen, tblAssets.Lasttried From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID Inner Join tblState On tblState.State = tblAssetCustom.State Inner Join tblMacApplications On tblAssets.AssetID = tblMacApplications.AssetID Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softid Left Join tsysOS On tsysOS.OScode = tblAssets.OScode Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID, Max(tblErrors.Teller) As ErrorID From tblErrors Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID = ScanningError.ID Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType Where ((tblSoftwareUni.softwareName = 'Assist' And Cast(ParseName(tblMacApplications.Version, 2) As bigint) = 21) Or (tblSoftwareUni.softwareName = 'Assist' And Cast(ParseName(tblMacApplications.Version, 2) As bigint) = 22 And Cast(ParseName(tblMacApplications.Version, 1) As bigint) < 10))