[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

127571

 
 

909

 
 

105400

 
 

152

Paid content will be excluded from the download.


Download | Alert*
OVAL

Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability - CVE-2019-1072

ID: oval:org.secpod.oval:def:57358Date: (C)2019-07-11   (M)2019-07-18
Class: VULNERABILITYFamily: windows




A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. An attacker who successfully exploited the vulnerability could execute code on the target server in the context of the DevOps or TFS service account. To exploit the vulnerability, an attacker could submit a specially crafted file to an affected server. If anonymous access is allowed to projects on an affected server, the attacker would not require authentication.

Platform:
Microsoft Windows 10
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Product:
Azure DevOps Server 2019
Microsoft Visual Studio Team Foundation Server 2010
Microsoft Visual Studio Team Foundation Server 2012
Microsoft Visual Studio Team Foundation Server 2013
Microsoft Visual Studio Team Foundation Server 2015 Update 4.2
Microsoft Visual Studio Team Foundation Server 2018 Update 1.2
Microsoft Visual Studio Team Foundation Server 2018 Update 3.2
Microsoft Visual Studio Team Foundation Server 2017 Update 3.1
Reference:
CVE-2019-1072
CVE    1
CVE-2019-1072
CPE    11
cpe:/a:microsoft:visual_studio_team_foundation_server:2015:u4.2
cpe:/a:microsoft:visual_studio_team_foundation_server:2010:sp1
cpe:/a:microsoft:visual_studio_team_foundation_server:2010
cpe:/a:microsoft:visual_studio_team_foundation_server:2018:u1.2
...

© SecPod Technologies