Remote Code Execution Vulnerability in JetBrains IntelliJ IDEA Spring Boot Run Configuration

CVE-2019-9186 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.
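
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it parses `ss -H -tlnp` output and reports `java` listeners bound to anything other than a loopback address. The sample lines, PIDs and ports are constructed, and matching on the process name `java` is an assumption; the page does not give the JMX port, so every non-loopback Java listener is reported for review.

```python
import ipaddress
import re

# Constructed sample in the format printed by `ss -H -tlnp` on Linux (not real output).
SAMPLE_SS = """\
LISTEN 0 50 *:39251 *:* users:(("java",pid=4242,fd=23))
LISTEN 0 50 127.0.0.1:6942 0.0.0.0:* users:(("java",pid=4242,fd=40))
LISTEN 0 50 [::ffff:127.0.0.1]:63342 *:* users:(("java",pid=4242,fd=51))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 50 [::]:1099 [::]:* users:(("java",pid=5150,fd=12))
LISTEN 0 50 192.168.1.20:9010 0.0.0.0:* users:(("java",pid=5150,fd=14))
"""

# Extracts ("name", pid) pairs from the users:(("java",pid=4242,fd=23)) column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def is_loopback_only(host):
    """True if the bind address is reachable only from the local machine."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host == "*":
        return False  # wildcard: all interfaces
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # unparseable: report it so it gets reviewed
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:127.0.0.1 -> 127.0.0.1
    if mapped is not None:
        addr = mapped
    return addr.is_loopback


def exposed_listeners(ss_output, process="java"):
    """Return (pid, bind_host, port) for listeners of `process` not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")  # numeric ports assumed (-n)
        for name, pid in PROC_RE.findall(" ".join(fields[5:])):
            if name == process and not is_loopback_only(host):
                findings.append((int(pid), host, int(port)))
    return findings


if __name__ == "__main__":
    for pid, host, port in exposed_listeners(SAMPLE_SS):
        print(f"pid {pid}: java listening on {host}:{port} (not loopback-only)")
```

On a workstation, pass the text captured from `ss -H -tlnp` instead of `SAMPLE_SS`; process names are only shown for sockets the invoking user is allowed to inspect.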
