CVE Catalog

CVE-2023-37511

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

26th percentile — higher than 26% of all known CVEs

Summary

CVE-2023-37511 concerns improper App Transport Security (ATS) settings that can lead to insecure loading of web content. If configured incorrectly, applications may be vulnerable to security attacks.

Risk Assessment

Organizations may be exposed to attacks that exploit insecure content loading, potentially leading to data leaks or malware. Improper ATS settings can threaten the integrity and confidentiality of data.

Recommendation

It is recommended to review and adjust App Transport Security settings to ensure secure loading of web content. Avoid configurations that may lead to insecure practices.

Original NVD description (English source)

If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS