Lucene search

K
cvelistMicrosoftCVELIST:CVE-2019-1072
HistoryJul 15, 2019 - 6:56 p.m.

CVE-2019-1072

2019-07-1518:56:20
microsoft
www.cve.org
1

AI Score

9.9

Confidence

High

EPSS

0.032

Percentile

91.2%

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka ‘Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability’.

CNA Affected

[
  {
    "product": "Team Foundation Server 2012",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Update 4"
      }
    ]
  },
  {
    "product": "Team Foundation Server 2013 Update 5",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Team Foundation Server 2018",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Update 1.2"
      },
      {
        "status": "affected",
        "version": "Update 3.2"
      }
    ]
  },
  {
    "product": "Team Foundation Server",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2017 Update 3.1"
      }
    ]
  },
  {
    "product": "Team Foundation Server 2015",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Update 4.2"
      }
    ]
  },
  {
    "product": "Azure DevOps Server",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2019.0.1"
      }
    ]
  },
  {
    "product": "Team Foundation Server 2010",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "SP1 (x86)"
      },
      {
        "status": "affected",
        "version": "SP1 (x64)"
      }
    ]
  }
]

AI Score

9.9

Confidence

High

EPSS

0.032

Percentile

91.2%