vulnerability

JetBrains IntelliJ IDEA: CVE-2019-10104: The run configuration of certain application servers allowed remote code execution while running the server with the default settings. IDEA-204570

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	2019-07-03	2025-01-29	2025-04-28

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

2019-07-03

Added

2025-01-29

Modified

2025-04-28

Description

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.

Solution

jetbrains-intellij-idea-upgrade-latest

References

CVE-2019-10104
https://attackerkb.com/topics/CVE-2019-10104
URL-https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today