CVE-2019-9186
Last modified
CVE-2019-9186 is a vulnerability of currently unknown severity. In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.. EPSS estimates a 4.51% chance of exploitation in the next 30 days.
Description
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jetbrains | Intellij Idea | >= 2018.1, < 2018.1.8 |
| Jetbrains | Intellij Idea | >= 2018.2, < 2018.2.8 |
| Jetbrains | Intellij Idea | >= 2018.3, < 2018.3.5 |
| Jetbrains | Intellij Idea | >= 2018.3.6, < 2019.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-9186?
How severe is CVE-2019-9186?
How do I fix CVE-2019-9186?
Are you affected by CVE-2019-9186?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST