vulnerability

JetBrains IntelliJ IDEA: CVE-2019-10104: The run configuration of certain application servers allowed remote code execution while running the server with the default settings. IDEA-204570

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Jul 3, 2019	Jan 29, 2025	Jun 3, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jul 3, 2019

Added

Jan 29, 2025

Modified

Jun 3, 2025

Description

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.

Solution

jetbrains-intellij-idea-upgrade-latest

References

CVE-2019-10104
https://attackerkb.com/topics/CVE-2019-10104
URL-https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today