Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2019-1072
HistoryJul 09, 2019 - 7:00 a.m.

Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability

2019-07-0907:00:00
Microsoft
msrc.microsoft.com
28

0.032 Low

EPSS

Percentile

91.2%

JSON

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. An attacker who successfully exploited the vulnerability could execute code on the target server in the context of the DevOps or TFS service account.

To exploit the vulnerability, an attacker could submit a specially crafted file to an affected server. If anonymous access is allowed to projects on an affected server, the attacker would not require authentication.

The update corrects the way that DevOps Server and TFS process certain file types.

Related

cvelist 1
prion 1
cve 1
nessus 1
qualysblog 1
kaspersky 1
threatpost 1
talosblog 1
cvelist
cvelist
CVE-2019-1072
2019-07-15 18:56:20
prion
prion
Remote code execution
2019-07-15 19:15:00
cve
cve
CVE-2019-1072
2019-07-15 19:15:00
nessus
nessus
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (July 2019)
2019-07-12 00:00:00
qualysblog
qualysblog
July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns
2019-07-09 18:12:39
kaspersky
kaspersky
KLA11513 Multiple vulnerabilities in Microsoft Developer Tools
2019-07-09 00:00:00
threatpost
threatpost
Microsoft Patches A Pair of Zero-Days Under Active Attack
2019-07-09 20:04:36
talosblog
talosblog
Microsoft Patch Tuesday — July 2019: Vulnerability disclosures and Snort coverage
2019-07-09 11:51:34

0.032 Low

EPSS

Percentile

91.2%

JSON
Related for MS:CVE-2019-1072
cvelist1prion1cve1nessus1qualysblog1kaspersky1threatpost1talosblog1