SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.
2023-02-11T01:23:24.353
2024-11-21T07:09:25.447
Modified
CVSSv3.1: 5.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | dell | supportassist_for_home_pcs | ≤ 3.11.4 | Yes |