Lucene search
CVE-2021-28459
🗓️ 13 Apr 2021 20:20:15Reported by microsoftType 
cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 115 Views🌐 WEB
Azure DevOps Server Spoofing Vulnerability CVE-2021-2845
Show more
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting Vulnerability | 14 Apr 202100:00 | – | zdt |
 | Spoofing | 13 Apr 202120:15 | – | prion |
 | CVE-2021-28459 | 13 Apr 202120:15 | – | nvd |
 | Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting | 14 Apr 202100:00 | – | packetstorm |
 | CVE-2021-28459 Azure DevOps Server Spoofing Vulnerability | 13 Apr 202119:33 | – | cvelist |
 | Azure DevOps Server Spoofing Vulnerability | 13 Apr 202107:00 | – | mscve |
 | Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (April 2021) | 16 Apr 202100:00 | – | nessus |
 | KLA12141 Multiple vulnerabilities in Microsoft Developer Tools | 13 Apr 202100:00 | – | kaspersky |
 | Vulristics: Microsoft Patch Tuesdays Q2 2021 | 10 Jul 202100:14 | – | avleonov |
 | Patch Tuesday - April 2021 | 13 Apr 202117:37 | – | rapid7blog |
10
Node
[
{
"vendor": "Microsoft",
"product": "Azure DevOps Server 2020.0.1",
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "2020",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| zip file | binary | /_apis/projects/{projectId}/processTemplate | Reflected cross-site scripting vulnerability due to uploading of an unsanitized process template zip file. | CWE-79 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo13 Apr 2021 20:15Current
6.4Medium risk
Vulners AI Score6.4
CVSS24.3
CVSS36.1
EPSS0.00891