CVE-2023-38353

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Sep 19, 2023
Updated: Oct 13, 2023
CWE ID 295

Summary

CVE-2023-38353 is a cyber vulnerability that affects MiniTool Power Data Recovery version 11.6 and earlier versions. The vulnerability involves an insecure in-app payment system that can be exploited by attackers to steal highly sensitive information through a man-in-the-middle attack. The risk score for this vulnerability is 25, indicating a medium level of severity. The base score is 5.9, with high confidentiality impact but no integrity or availability impact. The exploitability score is 2.2, suggesting that it is relatively easy for attackers to exploit this vulnerability. No privileges are required, and no user interaction is needed for the attack to occur. The affected products are 's-pbRy' and 's-pbRx'. Remediation measures should be taken by updating the MiniTool Power Data Recovery software to a version that includes a secure in-app payment system. Organizations using the vulnerable versions of this software should be aware of the potential danger posed by this vulnerability and take appropriate actions to protect sensitive information from being compromised.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-38353 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options