CVE-2019-17560 Vulnerability Details

  /     /     /  

CVE-2019-17560 Metadata Quick Info

CVE Published: 30/03/2020 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: apache | Vendor: n/a | Product: Apache NetBeans
Status : PUBLISHED

---

CVE-2019-17560 Description

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Improper Certificate Validation
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).