CVE-2023-5552 Information

Description

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older if the password type is set to “Specified by sender”.

Reference

https://www.sophos.com/en-us/security-advisories/sophos-sa-20231017-spx-password