VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Workspace_one_assist | Vmware | * | 22.10 (excluding) |
Such a scenario is commonly observed when: