{"containers": {"cna": {"affected": [{"product": "Apache NetBeans", "vendor": "n/a", "versions": [{"status": "affected", "version": "through 11.2"}]}], "descriptions": [{"lang": "en", "value": "The \"Apache NetBeans\" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. \"Apache NetBeans\" versions up to and including 11.2 are affected by this vulnerability."}], "problemTypes": [{"descriptions": [{"description": "Improper Validation of Integrity Check Value", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-15T02:23:03.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2019-17561", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache NetBeans", "version": {"version_data": [{"version_value": "through 11.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"Apache NetBeans\" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. \"Apache NetBeans\" versions up to and including 11.2 are affected by this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Validation of Integrity Check Value"}]}]}, "references": {"reference_data": [{"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:15.924Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-17561", "datePublished": "2020-03-30T18:44:42.000Z", "dateReserved": "2019-10-14T00:00:00.000Z", "dateUpdated": "2024-08-05T01:40:15.924Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:netbeans:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B1C4DC9-9FF2-4BAB-BCD4-6D6CC4472EE8", "versionEndIncluding": "11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:graalvm:19.3.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "909B4029-1D4F-4D60-AC6D-98C7E9FF1B15", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:graalvm:20.1.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B501426C-7FB5-4C0D-83E4-0279746EFBE8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The \"Apache NetBeans\" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. \"Apache NetBeans\" versions up to and including 11.2 are affected by this vulnerability."}, {"lang": "es", "value": "El sistema de actualizaci\u00f3n autom\u00e1tica de \"Apache NetBeans\" no comprueba completamente las firmas de c\u00f3digo. Un atacante podr\u00eda modificar el nbm descargado e incluir un c\u00f3digo adicional. \"Apache NetBeans\" versiones hasta 11.2 incluy\u00e9ndola est\u00e1n afectadas por esta vulnerabilidad."}], "id": "CVE-2019-17561", "lastModified": "2024-11-21T04:32:31.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-30T19:15:15.797", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Mitigation", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Mitigation", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}