vulnerability

JetBrains IntelliJ IDEA: CVE-2019-9186: The default configuration for Spring Boot apps was not secure. IDEA-204439

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jul 3, 2019

Added

Jan 29, 2025

Modified

Mar 25, 2026

Description

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.

Solution

jetbrains-intellij-idea-upgrade-latest

References

CVE-2019-9186
https://attackerkb.com/topics/CVE-2019-9186
CWE-668
EUVD-EUVD-2019-18563
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-18563

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report