Insecure In-App Payment System in MiniTool Power Data Recovery
CVE-2023-38353

5.9MEDIUM

Key Information:

Vendor

Minitool

Vendor
CVE Published:
19 September 2023

What is CVE-2023-38353?

MiniTool Power Data Recovery versions prior to 11.6 are susceptible to a vulnerability that compromises the security of its in-app payment system. This weakness allows attackers to exploit man-in-the-middle attacks, potentially leading to unauthorized access and extraction of sensitive information from users. It emphasizes the importance of secure transaction practices and the need for updates to enhance data protection.

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.