CVE-2022-34388
11.02.2023, 01:23
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dell | supportassist_for_business_pcs | 𝑥 ≤ 3.2.0 |
| dell | supportassist_for_home_pcs | 𝑥 ≤ 3.11.4 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| dell | supportassist | 𝑥 ≤ 3.11.4,3.2.0 | CNA |
Common Weakness Enumeration
- CWE-318 - Cleartext Storage of Sensitive Information in ExecutableThe application stores sensitive information in cleartext in an executable.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.