Vulnerabilities > Jetbrains
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-03 | CVE-2019-12850 | SQL Injection vulnerability in Jetbrains Youtrack A query injection was possible in JetBrains YouTrack. | 9.8 |
| 2019-07-03 | CVE-2019-12847 | Insufficiently Protected Credentials vulnerability in Jetbrains HUB In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. | 7.2 |
| 2019-07-03 | CVE-2019-10104 | Unspecified vulnerability in Jetbrains Intellij Idea In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. | 9.8 |
| 2019-07-03 | CVE-2019-10100 | Code Injection vulnerability in Jetbrains Youtrack Integration In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. | 9.8 |
| 2018-08-13 | CVE-2018-14878 | Deserialization of Untrusted Data vulnerability in Jetbrains Dotpeek and Resharper Ultimate JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | 7.8 |
| 2018-08-03 | CVE-2017-8316 | XXE vulnerability in Jetbrains Intellij Idea IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | 7.5 |