PT-2022-6515 · Dell · Dell Supportassist For Business Pcs+1
Published
2022-10-11
·
Updated
2023-02-21
·
CVE-2022-34388
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Dell SupportAssist for Home PCs versions 3.11.4 and prior
Dell SupportAssist for Business PCs versions 3.2.0 and prior
Description
The issue is related to an information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. The vulnerability is also associated with the unencrypted storage of critical information, which could allow an attacker to gain unauthorized access to protected information.
Recommendations
For Dell SupportAssist for Home PCs versions 3.11.4 and prior, update to a version later than 3.11.4 to resolve the issue.
For Dell SupportAssist for Business PCs versions 3.2.0 and prior, update to a version later than 3.2.0 to resolve the issue.
As a temporary workaround, consider restricting access to the database of the affected application to minimize the risk of exploitation.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dell Supportassist For Business Pcs
Dell Supportassist For Home Pcs