Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jetbrains Subscribe
Filtered by product Intellij Idea

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-51655 1 Jetbrains 1 Intellij Idea 2023-12-29 N/A 9.8 CRITICAL
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
CVE-2019-9186 1 Jetbrains 1 Intellij Idea 2021-07-21 7.5 HIGH 9.8 CRITICAL
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.
CVE-2019-10104 1 Jetbrains 1 Intellij Idea 2020-08-24 7.5 HIGH 9.8 CRITICAL
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.
CVE-2019-9823 1 Jetbrains 1 Intellij Idea 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.
CVE-2019-9873 1 Jetbrains 1 Intellij Idea 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.
CVE-2020-11690 1 Jetbrains 1 Intellij Idea 2020-04-29 7.5 HIGH 9.8 CRITICAL
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.