So far this year, VMware has patched critical authentication bypass vulnerabilities approximately every three months. This article highlights the importance of keeping systems up to date in an enterprise environment. Without timely updates, software quickly becomes outdated, which could allow an actor to gain administrator privileges and execute code remotely. It is recommended to monitor for any suspicious commands or downloads following the execution of Workspace ONE Assist.
Additionally, while VMware doesn’t have a bug bounty program, these recurring vulnerabilities highlight the importance of external security researchers for a large organization. Even at a company as large as VMware, which likely has employees focused on DevSecOps and application security, there could still be vulnerabilities that get past internal testing. External security researchers are an extra layer of security, often finding many vulnerabilities and reporting them to organizations before they can be exploited by malicious actors.
https://www.bleepingcomputer.com/news/security/vmware-fixes-three-critical-auth-bypass-bugs-in-remote-access-tool/

