Team Foundation Server Remote Code Execution Vulnerability - CVE-2019-0646ID: oval:org.secpod.oval:def:50209 | Date: (C)2019-01-16 (M)2021-06-02 |
Class: VULNERABILITY | Family: windows |
The host is installed with Team Foundation Server 2018 Update 1.1 or Update 3 and is prone to a remote code execution vulnerability. The application fails to handle issues in authorization between TSF and search services. On successful exploitation, an attacker could run certain commands on the search service without basic authorization.
Platform: |
Microsoft Windows 10 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Product: |
Microsoft Visual Studio Team Foundation Server 2018 Update 3.2 |