CVE-2019-10104
CVE-2019-10104 is a vulnerability of currently unknown severity. In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. EPSS estimates a 3.81% chance of exploitation in the next 30 days.
Description
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| JetBrains | IntelliJ IDEA | >= 2018.1, < 2018.1.8 |
| JetBrains | IntelliJ IDEA | >= 2018.2, < 2018.2.8 |
| JetBrains | IntelliJ IDEA | >= 2018.3, < 2018.3.4 |
| JetBrains | IntelliJ IDEA | >= 2018.3.5, < 2018.3.7 |
- Status: Modified
Source: NVD / NIST
