CVE-2021-45977

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/	Vendor Advisory
https://jetbrains.com	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jetbrains:clion:2021.3.1:::::::*
	cpe:2.3:a:jetbrains:goland:2021.3.1:::::::*
	cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:preview::::::
	cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:rc::::::
	cpe:2.3:a:jetbrains:phpstorm:2021.3.1:preview::::::
	cpe:2.3:a:jetbrains:phpstorm:2021.3.1:rc::::::
	cpe:2.3:a:jetbrains:pycharm:2021.3.1:2021.3.1:::professional:::*
	cpe:2.3:a:jetbrains:rubymine:2021.3.1:preview::::::
	cpe:2.3:a:jetbrains:rubymine:2021.3.1:rc::::::
	cpe:2.3:a:jetbrains:webstorm:2021.3.1:preview::::::
	cpe:2.3:a:jetbrains:webstorm:2021.3.1:rc::::::

History

No history.

Information

Published : 2022-02-25 15:15

Updated : 2024-02-28 19:09

NVD link : CVE-2021-45977

Mitre link : CVE-2021-45977

CVE.ORG link : CVE-2021-45977

JSON object : View

Products Affected

jetbrains

rubymine
intellij_idea
phpstorm
pycharm
clion
goland
webstorm

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-45977", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-02-25T15:15:09.667", "references": [{"url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://jetbrains.com", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1."}, {"lang": "es", "value": "JetBrains IntelliJ IDEA versi\u00f3n 2021.3.1 Preview, IntelliJ IDEA versi\u00f3n 2021.3.1 RC, PyCharm Professional versi\u00f3n 2021.3.1 RC, GoLand versi\u00f3n 2021.3.1, PhpStorm versi\u00f3n 2021.3.1 Preview, PhpStorm versi\u00f3n 2021.3.1 RC, RubyMine versi\u00f3n 2021. 3.1 Preview, RubyMine versi\u00f3n 2021.3.1 RC, CLion versi\u00f3n 2021.3.1, WebStorm versi\u00f3n 2021.3.1 Preview, y WebStorm versi\u00f3n 2021.3.1 RC (usados como IDEs de desarrollo remoto) son enlazados a la direcci\u00f3n IP 0.0.0.0. Las versiones fijas son: IntelliJ IDEA versi\u00f3n 2021.3.1, PyCharm Professional versi\u00f3n 2021.3.1, GoLand versi\u00f3n 2021.3.2, PhpStorm versi\u00f3n 2021.3.1 (213.6461.83), RubyMine versi\u00f3n 2021.3.1, CLion versi\u00f3n 2021.3.2, y WebStorm versi\u00f3n 2021.3.1."}], "lastModified": "2022-03-08T15:58:54.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jetbrains:clion:2021.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7905F91F-C635-4247-9035-2A925D81DAD1"}, {"criteria": "cpe:2.3:a:jetbrains:goland:2021.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1580A59C-98A3-4364-8CE6-446978717DC0"}, {"criteria": "cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:preview:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58106DEB-A207-419E-BC7D-3314A183933C"}, {"criteria": "cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9BFA1D8-88E8-4FAE-8AA1-E6B5A1A2B116"}, {"criteria": "cpe:2.3:a:jetbrains:phpstorm:2021.3.1:preview:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC94D4DD-BF03-4AC0-BC09-AFC0A610EAC1"}, {"criteria": "cpe:2.3:a:jetbrains:phpstorm:2021.3.1:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F0AAD1A-350D-4C05-851F-336B002D7625"}, {"criteria": "cpe:2.3:a:jetbrains:pycharm:2021.3.1:2021.3.1:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "863E231E-BA8B-4AFF-93B5-AC4B6ED77DB9"}, {"criteria": "cpe:2.3:a:jetbrains:rubymine:2021.3.1:preview:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53907452-7757-478A-BB2C-6BC6D71021BF"}, {"criteria": "cpe:2.3:a:jetbrains:rubymine:2021.3.1:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA1040E6-253E-4B28-9742-D0ECC253BF99"}, {"criteria": "cpe:2.3:a:jetbrains:webstorm:2021.3.1:preview:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C1FC666-E2B2-4A7A-8D85-D5B9BDF7CA30"}, {"criteria": "cpe:2.3:a:jetbrains:webstorm:2021.3.1:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE80631A-58C8-41B0-A64C-EA4BACB4DB5D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}