1. Home
  2. Vulnerabilities
  3. CVE-2019-17560

CVE-2019-17560

CVSS v3.1 9.1 (Critical)
91% Progress
CVSS v2.0 6.4 (Medium)
64% Progress
EPSS 0.06 % (24th)
0.06% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Graph Web & Social Timeline

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

Weaknesses
CWE-295
Improper Certificate Validation
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2020-03-30 19:15:15
(4 years ago)
Updated Date
2023-01-27 18:31:49
(20 months ago)

Affected Products

Apache

Oracle

Configuration #1

    CPE23 From Up To
  Apache Netbeans 11.2 and prior versions cpe:2.3:a:apache:netbeans <= 11.2

Configuration #2

    CPE23 From Up To
  Oracle Graalvm 19.3.2 cpe:2.3:a:oracle:graalvm:19.3.2:*:*:*:enterprise
  Oracle Graalvm 20.1.0 cpe:2.3:a:oracle:graalvm:20.1.0:*:*:*:enterprise