PT-2020-4107 · Apache · Apache Netbeans

Published

2020-03-30

Updated

2022-05-24

CVE-2019-17561

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: Apache NetBeans versions up to and including 11.2

Description: The issue is related to insufficient validation of input data in the Apache NetBeans autoupdate system, which does not fully validate code signatures. This could allow a remote attacker to modify the downloaded nbm and include additional code, potentially leading to the execution of arbitrary code.

Recommendations: For Apache NetBeans versions up to and including 11.2, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the autoupdate system until a patch is available. Restrict access to the nbm files to minimize the risk of exploitation.

Fix

Improper Verification of Cryptographic Signature

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347CWE-20

Related Identifiers

BDU:2020-04510

CVE-2019-17561

GHSA-CF8Q-J9H3-7237

Affected Products

Apache Netbeans

PT-2020-4107 · Apache · Apache Netbeans

CVE-2019-17561

Weakness Enumeration

Related Identifiers

Affected Products

References · 13