Multiple vulnerabilities in JetBrains IntelliJ IDEA



Published: 2019-11-04
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-18361
CVE-2019-14954
CWE-ID CWE-264
CWE-319
Exploitation vector Network
Public exploit N/A
Vulnerable software
IntelliJ IDEA
Web applications / Modules and components for CMS

Vendor JetBrains s.r.o.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22499

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18361

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permission checks. A local authenticated user can escalate their privileges on the target system and potentially execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IntelliJ IDEA: before 2019.2

External links

http://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cleartext transmission of sensitive information

EUVDB-ID: #VU22500

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14954

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure (cleartext) communication channel to transmit sensitive information. A remote attacker able to intercept network traffic can perform a man-in-the-middle attack and gain access to, or tamper with, the transmitted data.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

IntelliJ IDEA: before 2019.2
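As an added practitioner check, not part of this advisory or of JetBrains' own code: both entries in this bulletin list "IntelliJ IDEA: before 2019.2" as the affected range, so one version test covers CVE-2019-18361 and CVE-2019-14954 alike. The script below accepts either the product version string (e.g. 2019.1.3) or the build number IntelliJ prints in the build.txt file of its install directory (e.g. IU-191.8026.42, where the 191 prefix encodes release 2019.1) and reports whether the install predates the fixed release. The sample strings, the build.txt location and the helper names are assumptions made for illustration.

```python
import re
from pathlib import Path
from typing import Tuple

# Fixed release per this bulletin: both CVE-2019-18361 and CVE-2019-14954
# are addressed in IntelliJ IDEA 2019.2.
FIXED_RELEASE = (2019, 2)

# Product version as shown in Help > About, e.g. "2019.1.3" or "2019.2"
_VERSION_RE = re.compile(r"^(\d{4})\.(\d)(?:\.\d+)*$")
# Build number as found in build.txt, e.g. "IU-191.8026.42" or "192.5728.98";
# the optional two-letter prefix is the product code (IU = Ultimate, IC = Community)
_BUILD_RE = re.compile(r"^(?:[A-Z]{2}-)?(\d{3})\.\d+(?:\.\d+)*$")


def parse_release(s: str) -> Tuple[int, int]:
    """Return (year, major) for either string form.

    Build numbers encode the release as YYR: 191 -> 2019.1, 192 -> 2019.2,
    183 -> 2018.3.  Raises ValueError for anything it cannot interpret
    rather than silently treating it as patched.
    """
    s = s.strip()
    m = _VERSION_RE.match(s)
    if m:
        return int(m.group(1)), int(m.group(2))
    m = _BUILD_RE.match(s)
    if m:
        yyr = m.group(1)
        return 2000 + int(yyr[:2]), int(yyr[2])
    raise ValueError(f"unrecognised IntelliJ IDEA version/build string: {s!r}")


def is_affected(s: str) -> bool:
    """True if the version/build is 'before 2019.2', i.e. in the affected range."""
    return parse_release(s) < FIXED_RELEASE


def check_install(install_dir: str) -> bool:
    """Read build.txt from an IntelliJ install directory (assumed layout) and
    return whether that install is affected."""
    build = Path(install_dir, "build.txt").read_text(encoding="utf-8")
    return is_affected(build)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real install.
    for sample in ("2019.1.3", "IU-191.8026.42", "2018.3.6", "2019.2", "IC-192.5728.98"):
        status = "AFFECTED - update" if is_affected(sample) else "not affected"
        print(f"{sample:>16}: {status}")
```

On a real machine, point check_install() at the IDE's install directory (or paste the build number from Help > About); an unparsable string raises rather than returning "not affected", which is the safer failure mode for a compliance check.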

External links

http://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


