CVE-2019-1306
CRITICAL
Azure DevOps Server and Team Foundation Server - Remote Code Execution via Improper Input Validation
Title source: llm
Description
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306
Scores
CVSS v3: 9.8
EPSS: 0.1591
EPSS Percentile: 96.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-20
Status: published
Products (3)
microsoft/azure_devops_server 2019 update1
microsoft/azure_devops_server 2019.0.1
microsoft/team_foundation_server 2018 3.2
Published: Sep 11, 2019
Tracked Since: Feb 18, 2026