CVE-2019-1072

CRITICAL

Azure DevOps Server and Team Foundation Server - Remote Code Execution

Description

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.

Scores

CVSS v3 9.8
EPSS 0.1244
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-20
Status published
Products (7)
microsoft/azure_devops_server 2019.0.1
microsoft/team_foundation_server 2010 sp1
microsoft/team_foundation_server 2012 4
microsoft/team_foundation_server 2013 5
microsoft/team_foundation_server 2015 4.2
microsoft/team_foundation_server 2017 3.1
microsoft/team_foundation_server 2018 1.2 (2 CPE variants)
Published Jul 15, 2019
Tracked Since Feb 18, 2026