Unrated severityNVD Advisory· Published Jul 15, 2019· Updated Aug 4, 2024

CVE-2019-1072

Description

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.

Affected products

Microsoft/Azure DevOps Serverllm-fuzzy
Microsoft/Team Foundation Serverllm-fuzzy
Microsoft/Azure Devopscpe-rescue
Range: 2019.0.1
Microsoft/Visual Studio Team Foundation Servercpe-rescue5 versions
2017 Update 3.1+ 4 more
- (no CPE)range: 2017 Update 3.1
- (no CPE)range: SP1 (x86)
- (no CPE)range: Update 4
- (no CPE)range: Update 4.2
- (no CPE)range: Update 1.2
Microsoft/Team Foundation Server 2013 Update 5v5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.019
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000