vulnerability

JetBrains IntelliJ IDEA: CVE-2019-9186: The default configuration for Spring Boot apps was not secure. IDEA-204439

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	2019-07-03	2025-01-29	2025-04-28

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

2019-07-03

Added

2025-01-29

Modified

2025-04-28

Description

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.

Solution

jetbrains-intellij-idea-upgrade-latest

References

CVE-2019-9186
https://attackerkb.com/topics/CVE-2019-9186
URL-https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today