CyberSec.Space Logo
Back to CVE Browser

CVE-2019-10104

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile22.07th
PublishedJul 3, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.

Affected Platforms (CPE)

πŸ“¦
Jetbrains

Intellij Idea

>= 2018.1 and < 2018.1.8
πŸ“¦
Jetbrains

Intellij Idea

>= 2018.2 and < 2018.2.8
πŸ“¦
Jetbrains

Intellij Idea

>= 2018.3 and < 2018.3.4
πŸ“¦
Jetbrains

Intellij Idea

>= 2018.3.5 and < 2018.3.7

References & Advisories

πŸ”— https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
πŸ”— https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

Related Vulnerabilities

CVE-2019-98739.8

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencryp...

CVE-2019-98239.8

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cl...

CVE-2019-91869.8

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to ...

CVE-2020-116909.8

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.