← Back

CVE-2019-1072

nvd nist
Published: Jul 15, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.

Affected (8)

Microsoft
2 products
Azure Devops Server
Team Foundation Server
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Azure Devops Server
Version 2019.0.1
Microsoft
Team Foundation Server
Version 2010 sp1
Team Foundation Server
Version 2012 4
Team Foundation Server
Version 2013 5
Team Foundation Server
Version 2015 4.2
Team Foundation Server
Version 2017 3.1
Team Foundation Server
Version 2018 1.2
Team Foundation Server
Version 2018 3.2

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.