Vulnerabilities > CVE-2021-30006 - XXE vulnerability in Jetbrains Intellij Idea

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jetbrains

CWE-611

NVD

Published: 2021-05-11

Updated: 2021-05-17

Summary

In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains Intellij Idea - Jetbrains Intellij Idea 9.0.3 Jetbrains Intellij Idea 9.0.4 Jetbrains Intellij Idea 10.5.2 Jetbrains Intellij Idea 11.0 Jetbrains Intellij Idea 11.0.1 Jetbrains Intellij Idea 11.0.2 Jetbrains Intellij Idea 11.1 Jetbrains Intellij Idea 11.1.1 Jetbrains Intellij Idea 11.1.2 Jetbrains Intellij Idea 11.1.3 Jetbrains Intellij Idea 11.1.4 Jetbrains Intellij Idea 11.1.5 Jetbrains Intellij Idea 12.0 Jetbrains Intellij Idea 12.0.1 Jetbrains Intellij Idea 12.0.2 Jetbrains Intellij Idea 12.0.3 Jetbrains Intellij Idea 12.0.4 Jetbrains Intellij Idea 12.1 Jetbrains Intellij Idea 12.1.1 Jetbrains Intellij Idea 12.1.2 Jetbrains Intellij Idea 12.1.3 Jetbrains Intellij Idea 12.1.4 Jetbrains Intellij Idea 12.1.5 Jetbrains Intellij Idea 12.1.6 Jetbrains Intellij Idea 12.1.7 Jetbrains Intellij Idea 12.1.8 Jetbrains Intellij Idea 13.0 Jetbrains Intellij Idea 13.0.1 Jetbrains Intellij Idea 13.0.2 Jetbrains Intellij Idea 13.0.3 Jetbrains Intellij Idea 13.0.4 Jetbrains Intellij Idea 13.0.5 Jetbrains Intellij Idea 13.1 Jetbrains Intellij Idea 13.1.1 Jetbrains Intellij Idea 13.1.2 Jetbrains Intellij Idea 13.1.3 Jetbrains Intellij Idea 13.1.4 Jetbrains Intellij Idea 13.1.5 Jetbrains Intellij Idea 13.1.6 Jetbrains Intellij Idea 13.1.7 Jetbrains Intellij Idea 14.0 Jetbrains Intellij Idea 14.0.1 Jetbrains Intellij Idea 14.0.2 Jetbrains Intellij Idea 14.0.3 Jetbrains Intellij Idea 14.0.4 Jetbrains Intellij Idea 14.0.5 Jetbrains Intellij Idea 14.1 Jetbrains Intellij Idea 14.1.1 Jetbrains Intellij Idea 14.1.2 Jetbrains Intellij Idea 14.1.3 Jetbrains Intellij Idea 14.1.4 Jetbrains Intellij Idea 14.1.5 Jetbrains Intellij Idea 14.1.6 Jetbrains Intellij Idea 14.1.7 Jetbrains Intellij Idea 15.0 Jetbrains Intellij Idea 15.0.1 Jetbrains Intellij Idea 15.0.2 Jetbrains Intellij Idea 15.0.3 Jetbrains Intellij Idea 15.0.4 Jetbrains Intellij Idea 15.0.5 Jetbrains Intellij Idea 15.0.6 Jetbrains Intellij Idea 2016.1 Jetbrains Intellij Idea 2016.1.1 Jetbrains Intellij Idea 2016.1.2 Jetbrains Intellij Idea 2016.1.3 Jetbrains Intellij Idea 2016.1.4 Jetbrains Intellij Idea 2016.2 Jetbrains Intellij Idea 2016.2.1 Jetbrains Intellij Idea 2016.2.2 Jetbrains Intellij Idea 2016.2.3 Jetbrains Intellij Idea 2016.2.4 Jetbrains Intellij Idea 2016.2.5 Jetbrains Intellij Idea 2016.3 Jetbrains Intellij Idea 2016.3.2 Jetbrains Intellij Idea 2016.3.3 Jetbrains Intellij Idea 2016.3.4 Jetbrains Intellij Idea 2016.3.5 Jetbrains Intellij Idea 2016.3.6 Jetbrains Intellij Idea 2016.3.7 Jetbrains Intellij Idea 2016.3.8 Jetbrains Intellij Idea 2017.1 Jetbrains Intellij Idea 2017.1.1 Jetbrains Intellij Idea 2017.1.2 Jetbrains Intellij Idea 2017.1.3 Jetbrains Intellij Idea 2017.1.4 Jetbrains Intellij Idea 2017.1.5 Jetbrains Intellij Idea 2017.1.6 Jetbrains Intellij Idea 2017.2 Jetbrains Intellij Idea 2017.2.1 Jetbrains Intellij Idea 2017.2.2 Jetbrains Intellij Idea 2017.2.3 Jetbrains Intellij Idea 2017.2.4 Jetbrains Intellij Idea 2017.2.5 Jetbrains Intellij Idea 2017.2.6 Jetbrains Intellij Idea 2017.2.7 Jetbrains Intellij Idea 2017.3 Jetbrains Intellij Idea 2017.3.1 Jetbrains Intellij Idea 2017.3.2 Jetbrains Intellij Idea 2017.3.3 Jetbrains Intellij Idea 2017.3.4 Jetbrains Intellij Idea 2017.3.5 Jetbrains Intellij Idea 2017.3.6 Jetbrains Intellij Idea 2017.3.7 Jetbrains Intellij Idea 2018.1 Jetbrains Intellij Idea 2018.1.1 Jetbrains Intellij Idea 2018.1.2 Jetbrains Intellij Idea 2018.1.3 Jetbrains Intellij Idea 2018.1.4 Jetbrains Intellij Idea 2018.1.5 Jetbrains Intellij Idea 2018.1.6 Jetbrains Intellij Idea 2018.1.7 Jetbrains Intellij Idea 2018.1.8 Jetbrains Intellij Idea 2018.2 Jetbrains Intellij Idea 2018.2.1 Jetbrains Intellij Idea 2018.2.2 Jetbrains Intellij Idea 2018.2.3 Jetbrains Intellij Idea 2018.2.4 Jetbrains Intellij Idea 2018.2.5 Jetbrains Intellij Idea 2018.2.6 Jetbrains Intellij Idea 2018.2.7 Jetbrains Intellij Idea 2018.2.8 Jetbrains Intellij Idea 2018.3 Jetbrains Intellij Idea 2018.3.1 Jetbrains Intellij Idea 2018.3.2 Jetbrains Intellij Idea 2018.3.3 Jetbrains Intellij Idea 2018.3.4 Jetbrains Intellij Idea 2018.3.5 Jetbrains Intellij Idea 2018.3.6 Jetbrains Intellij Idea 2019.1 Jetbrains Intellij Idea 2019.1.1 Jetbrains Intellij Idea 2019.1.2 Jetbrains Intellij Idea 2019.1.3 Jetbrains Intellij Idea 2019.1.4 Jetbrains Intellij Idea 2019.2 Jetbrains Intellij Idea 2019.2.1 Jetbrains Intellij Idea 2019.2.2 Jetbrains Intellij Idea 2019.2.3 Jetbrains Intellij Idea 2019.2.4 Jetbrains Intellij Idea 2019.3 Jetbrains Intellij Idea 2019.3.0 Jetbrains Intellij Idea 2019.3.3 Jetbrains Intellij Idea 2019.3.4 Jetbrains Intellij Idea 2020.1 Jetbrains Intellij Idea 2020.2 Jetbrains Intellij Idea 2020.3	146

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References