CVE-2019-1072

Summary

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftTeam Foundation Server 2012Update 4affected
MicrosoftTeam Foundation Server 2013 Update 5unspecifiedaffected
MicrosoftTeam Foundation Server 2018Update 1.2affected
MicrosoftTeam Foundation Server 2018Update 3.2affected
MicrosoftTeam Foundation Server2017 Update 3.1affected
MicrosoftTeam Foundation Server 2015Update 4.2affected
MicrosoftAzure DevOps Server2019.0.1affected
MicrosoftTeam Foundation Server 2010SP1 (x86)affected
MicrosoftTeam Foundation Server 2010SP1 (x64)affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References