PT-2020-4106 · Apache · Apache Netbeans
Filip Ceglik
·
Published
2020-03-30
·
Updated
2023-01-27
·
CVE-2019-17560
CVSS v2.0
9.4
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions:
Apache NetBeans versions up to and including 11.2
Description:
The issue is related to the Apache NetBeans autoupdate system, which does not validate SSL certificates and hostnames for https-based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. The vulnerability may impact the confidentiality and integrity of protected information.
Recommendations:
For Apache NetBeans versions up to and including 11.2, consider disabling the autoupdate feature until a patch is available to prevent potential exploitation. Restrict access to the autoupdate system to minimize the risk of malicious code injection. Avoid using the autoupdate system for https-based downloads until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
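The two controls the advisory says the autoupdate client lacks, certificate chain validation and hostname verification, are shown below as an added illustration in Python (not NetBeans code; NetBeans itself is Java, where the equivalent controls are HttpsURLConnection's default SSLSocketFactory and HostnameVerifier). The weak context mirrors the flaw, the hardened context is the corrected form, and the audit function is the check a defender would run before any update download. All function names and the update URL are assumptions.

```python
import ssl
import urllib.request
from typing import List, Optional

# Added illustration, not NetBeans code. The two controls named in the advisory
# (certificate validation and hostname validation) map onto two attributes of
# Python's ssl.SSLContext; the function and URL names here are assumptions.


def insecure_update_context() -> ssl.SSLContext:
    """Weak configuration of the kind the advisory describes: the TLS chain is
    not validated and the hostname is not matched against the certificate.
    Built only so audit_context() has a concrete case to flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE     # any certificate, from anyone, is accepted
    return ctx


def hardened_update_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Corrected configuration: chain validated against the system trust store
    (or a pinned CA bundle passed as cafile) and hostname checked."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED  # already the default; restated so a later
    ctx.check_hostname = True            # edit cannot silently weaken the context
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the advisory's two findings for a context, empty if it is sound."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("server hostname is not checked against the certificate (check_hostname is False)")
    return findings


def download_update(url: str, ctx: ssl.SSLContext, timeout: float = 30.0) -> bytes:
    """Fetch an update file over HTTPS, refusing any context that would let an
    on-path party substitute the download. Raises ValueError before touching
    the network if the audit finds a weakness or the URL is not https."""
    if not url.lower().startswith("https://"):
        raise ValueError("update downloads must use https")
    problems = audit_context(ctx)
    if problems:
        raise ValueError("refusing to download with a weak TLS context: " + "; ".join(problems))
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    # No request is made here; the demo only audits the two contexts.
    for name, ctx in (("insecure", insecure_update_context()),
                      ("hardened", hardened_update_context())):
        print(f"{name}: {audit_context(ctx) or ['no findings']}")
```

The audit runs on the context object alone, so it can be called before the first byte leaves the machine; a download path that constructs its own context (as the affected autoupdate client does) should be gated the same way, and a pinned `cafile` limits which CA may sign the update server's certificate.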
Weakness Enumeration:
Improper Certificate Validation
Related Identifiers:
CVE-2019-17560
Affected Products:
Apache Netbeans