Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability - CVE-2019-1072| ID: oval:org.secpod.oval:def:57358 | Date: (C)2019-07-11 (M)2023-03-02 |
| Class: VULNERABILITY | Family: windows |
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. An attacker who successfully exploited the vulnerability could execute code on the target server in the context of the DevOps or TFS service account. To exploit the vulnerability, an attacker could submit a specially crafted file to an affected server. If anonymous access is allowed to projects on an affected server, the attacker would not require authentication.
| Platform: |
| Microsoft Windows 10 |
| Microsoft Windows Server 2012 |
| Microsoft Windows Server 2012 R2 |
| Microsoft Windows Server 2016 |
| Microsoft Windows Server 2019 |
| Microsoft Windows Server 2022 |
| Product: |
| Azure DevOps Server 2019 |
| Microsoft Visual Studio Team Foundation Server 2010 |
| Microsoft Visual Studio Team Foundation Server 2012 |
| Microsoft Visual Studio Team Foundation Server 2013 |
| Microsoft Visual Studio Team Foundation Server 2015 Update 4.2 |
| Microsoft Visual Studio Team Foundation Server 2018 Update 1.2 |
| Microsoft Visual Studio Team Foundation Server 2018 Update 3.2 |
| Microsoft Visual Studio Team Foundation Server 2017 Update 3.1 |
