CVE-2019-17560
Description
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
1.555
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-17560,CVE-2020-11080,CVE-2020-14583,CVE-2020-14718 are affected in Oracle GraalVM Enterprise Edition 19.3.2 | Windows |
| Vulnerabilities CVE-2019-17560,CVE-2020-11080,CVE-2020-14583,CVE-2020-14718 are affected in Oracle GraalVM Enterprise Edition 20.1.0 | Windows |
| Vulnerabilities CVE-2019-17561,CVE-2019-17560 are affected in Codehaus - netbeans 3.1.4 | Windows |
| Vulnerabilities CVE-2019-17561,CVE-2019-17560 are affected in Codehaus - netbeans for Linux 3.1.4 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234