CVE-2019-1072
CRITICAL
Azure DevOps Server and Team Foundation Server - Remote Code Execution
Title source: llm
Description
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072
Scores
CVSS v3
9.8
EPSS
0.1244
EPSS Percentile
95.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (7)
microsoft/azure_devops_server
2019.0.1
microsoft/team_foundation_server
2010 sp1
microsoft/team_foundation_server
2012 4
microsoft/team_foundation_server
2013 5
microsoft/team_foundation_server
2015 4.2
microsoft/team_foundation_server
2017 3.1
microsoft/team_foundation_server
2018 1.2 (2 CPE variants)
Published
Jul 15, 2019
Tracked Since
Feb 18, 2026