{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-5552","assignerOrgId":"526a354d-e866-4174-ae7d-bac848e5c4c5","state":"PUBLISHED","assignerShortName":"Sophos","dateReserved":"2023-10-12T05:55:23.384Z","datePublished":"2023-10-17T23:29:12.601Z","dateUpdated":"2024-09-13T16:21:10.363Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Sophos Firewall","vendor":"Sophos","versions":[{"status":"unaffected","version":"19.5.4"},{"status":"unaffected","version":"20.0.0"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"IT für Caritas eG"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”."}],"value":"A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”."}],"impacts":[{"capecId":"CAPEC-117","descriptions":[{"lang":"en","value":"CAPEC-117 Interception"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"526a354d-e866-4174-ae7d-bac848e5c4c5","shortName":"Sophos","dateUpdated":"2023-10-17T23:29:12.601Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:59:44.981Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-13T16:20:59.543456Z","id":"CVE-2023-5552","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-13T16:21:10.363Z"}}]}}