CVE-2023-38353

Summary

CVE-2023-38353 is a cyber vulnerability that affects MiniTool Power Data Recovery version 11.6 and earlier versions. The vulnerability involves an insecure in-app payment system that can be exploited by attackers to steal highly sensitive information through a man-in-the-middle attack. The risk score for this vulnerability is 25, indicating a medium level of severity. The base score is 5.9, with high confidentiality impact but no integrity or availability impact. The exploitability score is 2.2, suggesting that it is relatively easy for attackers to exploit this vulnerability. No privileges are required, and no user interaction is needed for the attack to occur. The affected products are 's-pbRy' and 's-pbRx'. Remediation measures should be taken by updating the MiniTool Power Data Recovery software to a version that includes a secure in-app payment system. Organizations using the vulnerable versions of this software should be aware of the potential danger posed by this vulnerability and take appropriate actions to protect sensitive information from being compromised.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.