Security Vulnerabilities - CVEs Published In February 2022
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-02-25
In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-02-25
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2022-02-25
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2022-02-25
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2022-02-25
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2022-02-25
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2022-02-25
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2022-02-25
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2022-02-25
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-02-25

