{"api_version":"1","generated_at":"2026-04-23T04:11:38+00:00","cve":"CVE-2023-5552","urls":{"html":"https://cve.report/CVE-2023-5552","api":"https://cve.report/api/cve/CVE-2023-5552.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-5552","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-5552"},"summary":{"title":"CVE-2023-5552","description":"A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.","state":"PUBLIC","assigner":"security-alert@sophos.com","published_at":"2023-10-18 00:15:00","updated_at":"2023-10-25 00:01:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password","name":"https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-5552","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5552","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"5552","vulnerable":"1","versionEndIncluding":"19.5.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sophos","cpe5":"firewall","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-5552","ASSIGNER":"security-alert@sophos.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Sophos","product":{"product_data":[{"product_name":"Sophos Firewall","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"status":"unaffected","version":"19.5.4"},{"status":"unaffected","version":"20.0.0"}],"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password","refsource":"MISC","name":"https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"credits":[{"lang":"en","value":"IT für Caritas eG"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-18 00:15:00","lastModifiedDate":"2023-10-25 00:01:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sophos:firewall:*:*:*:*:*:*:*:*","versionEndIncluding":"19.5.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}