CVE-2021-45977 (GCVE-0-2021-45977)

Vulnerability from cvelistv5 – Published: 2022-02-25 14:36 – Updated: 2024-08-04 04:54
VLAI?
Summary
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:54:31.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jetbrains.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-25T14:36:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jetbrains.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45977",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jetbrains.com",
              "refsource": "MISC",
              "url": "https://jetbrains.com"
            },
            {
              "name": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/",
              "refsource": "MISC",
              "url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45977",
    "datePublished": "2022-02-25T14:36:13",
    "dateReserved": "2022-01-01T00:00:00",
    "dateUpdated": "2024-08-04T04:54:31.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:clion:2021.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7905F91F-C635-4247-9035-2A925D81DAD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:goland:2021.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1580A59C-98A3-4364-8CE6-446978717DC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:preview:*:*:*:*:*:*\", \"matchCriteriaId\": \"58106DEB-A207-419E-BC7D-3314A183933C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:rc:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9BFA1D8-88E8-4FAE-8AA1-E6B5A1A2B116\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:phpstorm:2021.3.1:preview:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC94D4DD-BF03-4AC0-BC09-AFC0A610EAC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:phpstorm:2021.3.1:rc:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F0AAD1A-350D-4C05-851F-336B002D7625\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:pycharm:2021.3.1:2021.3.1:*:*:professional:*:*:*\", \"matchCriteriaId\": \"863E231E-BA8B-4AFF-93B5-AC4B6ED77DB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:rubymine:2021.3.1:preview:*:*:*:*:*:*\", \"matchCriteriaId\": \"53907452-7757-478A-BB2C-6BC6D71021BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:rubymine:2021.3.1:rc:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA1040E6-253E-4B28-9742-D0ECC253BF99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:webstorm:2021.3.1:preview:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C1FC666-E2B2-4A7A-8D85-D5B9BDF7CA30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetbrains:webstorm:2021.3.1:rc:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE80631A-58C8-41B0-A64C-EA4BACB4DB5D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.\"}, {\"lang\": \"es\", \"value\": \"JetBrains IntelliJ IDEA versi\\u00f3n 2021.3.1 Preview, IntelliJ IDEA versi\\u00f3n 2021.3.1 RC, PyCharm Professional versi\\u00f3n 2021.3.1 RC, GoLand versi\\u00f3n 2021.3.1, PhpStorm versi\\u00f3n 2021.3.1 Preview, PhpStorm versi\\u00f3n 2021.3.1 RC, RubyMine versi\\u00f3n 2021. 3.1 Preview, RubyMine versi\\u00f3n 2021.3.1 RC, CLion versi\\u00f3n 2021.3.1, WebStorm versi\\u00f3n 2021.3.1 Preview, y WebStorm versi\\u00f3n 2021.3.1 RC (usados como IDEs de desarrollo remoto) son enlazados a la direcci\\u00f3n IP 0.0.0.0. Las versiones fijas son: IntelliJ IDEA versi\\u00f3n 2021.3.1, PyCharm Professional versi\\u00f3n 2021.3.1, GoLand versi\\u00f3n 2021.3.2, PhpStorm versi\\u00f3n 2021.3.1 (213.6461.83), RubyMine versi\\u00f3n 2021.3.1, CLion versi\\u00f3n 2021.3.2, y WebStorm versi\\u00f3n 2021.3.1.\"}]",
      "id": "CVE-2021-45977",
      "lastModified": "2024-11-21T06:33:24.713",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-02-25T15:15:09.667",
      "references": "[{\"url\": \"https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jetbrains.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jetbrains.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-45977\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-02-25T15:15:09.667\",\"lastModified\":\"2024-11-21T06:33:24.713\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.\"},{\"lang\":\"es\",\"value\":\"JetBrains IntelliJ IDEA versi\u00f3n 2021.3.1 Preview, IntelliJ IDEA versi\u00f3n 2021.3.1 RC, PyCharm Professional versi\u00f3n 2021.3.1 RC, GoLand versi\u00f3n 2021.3.1, PhpStorm versi\u00f3n 2021.3.1 Preview, PhpStorm versi\u00f3n 2021.3.1 RC, RubyMine versi\u00f3n 2021. 3.1 Preview, RubyMine versi\u00f3n 2021.3.1 RC, CLion versi\u00f3n 2021.3.1, WebStorm versi\u00f3n 2021.3.1 Preview, y WebStorm versi\u00f3n 2021.3.1 RC (usados como IDEs de desarrollo remoto) son enlazados a la direcci\u00f3n IP 0.0.0.0. Las versiones fijas son: IntelliJ IDEA versi\u00f3n 2021.3.1, PyCharm Professional versi\u00f3n 2021.3.1, GoLand versi\u00f3n 2021.3.2, PhpStorm versi\u00f3n 2021.3.1 (213.6461.83), RubyMine versi\u00f3n 2021.3.1, CLion versi\u00f3n 2021.3.2, y WebStorm versi\u00f3n 2021.3.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:clion:2021.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7905F91F-C635-4247-9035-2A925D81DAD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:goland:2021.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1580A59C-98A3-4364-8CE6-446978717DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:preview:*:*:*:*:*:*\",\"matchCriteriaId\":\"58106DEB-A207-419E-BC7D-3314A183933C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:intellij_idea:2021.3.1:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9BFA1D8-88E8-4FAE-8AA1-E6B5A1A2B116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:phpstorm:2021.3.1:preview:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC94D4DD-BF03-4AC0-BC09-AFC0A610EAC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:phpstorm:2021.3.1:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F0AAD1A-350D-4C05-851F-336B002D7625\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:pycharm:2021.3.1:2021.3.1:*:*:professional:*:*:*\",\"matchCriteriaId\":\"863E231E-BA8B-4AFF-93B5-AC4B6ED77DB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:rubymine:2021.3.1:preview:*:*:*:*:*:*\",\"matchCriteriaId\":\"53907452-7757-478A-BB2C-6BC6D71021BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:rubymine:2021.3.1:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA1040E6-253E-4B28-9742-D0ECC253BF99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:webstorm:2021.3.1:preview:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C1FC666-E2B2-4A7A-8D85-D5B9BDF7CA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:webstorm:2021.3.1:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE80631A-58C8-41B0-A64C-EA4BACB4DB5D\"}]}]}],\"references\":[{\"url\":\"https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jetbrains.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jetbrains.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.