CVE-2023-22733

Name: CVE-2023-22733
Creator: NVD / NIST
Published: 2023-01-17T22:15:11.227+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 0.70%

Last modified Jun 17, 2026

CVE-2023-22733 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. EPSS estimates a 0.70% chance of exploitation in the next 30 days.

Description

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issue has been addressed in version 6.4.18.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Users unable to upgrade may remove from all users the log module ACL rights or disable logging.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.70%

48.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-532

Affected Software

Vendor	Product	Versions
Shopware	Shopware	< 6.4.18.1

References

https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#loggingVendor Advisory
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updatesPatch, Vendor Advisory
https://github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07Patch, Third Party Advisory
https://github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4fThird Party Advisory
https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#loggingVendor Advisory
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updatesPatch, Vendor Advisory
https://github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07Patch, Third Party Advisory
https://github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4fThird Party Advisory

Timeline

Published: Jan 17, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-22733?

How severe is CVE-2023-22733?

CVE-2023-22733 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.70% probability of exploitation in the next 30 days.

How do I fix CVE-2023-22733?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-22733?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST