Vulnerabilities > Jetbrains > Intellij Idea

DATE CVE VULNERABILITY TITLE RISK
2020-01-31 CVE-2020-7914 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network.
network
low complexity
jetbrains
7.5
2020-01-30 CVE-2020-7905 Unspecified vulnerability in Jetbrains Intellij Idea
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.
network
low complexity
jetbrains
7.5
2020-01-30 CVE-2020-7904 Improper Certificate Validation vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.
network
high complexity
jetbrains CWE-295
7.4
2019-10-31 CVE-2019-18361 Unspecified vulnerability in Jetbrains Intellij Idea
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
local
low complexity
jetbrains
5.3
2019-10-01 CVE-2019-14954 Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Intellij Idea
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.
network
high complexity
jetbrains CWE-319
5.9
2019-07-03 CVE-2019-9873 Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files.
network
low complexity
jetbrains CWE-522
critical
9.8
2019-07-03 CVE-2019-9872 Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files.
network
high complexity
jetbrains CWE-522
8.1
2019-07-03 CVE-2019-9823 Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files.
network
low complexity
jetbrains CWE-522
critical
9.8
2019-07-03 CVE-2019-9186 Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Intellij Idea
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface).
network
low complexity
jetbrains CWE-668
critical
9.8
2019-07-03 CVE-2019-10104 Unspecified vulnerability in Jetbrains Intellij Idea
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only.
network
low complexity
jetbrains
critical
9.8