CVE-2019-1306

CRITICAL

Azure DevOps Server and Team Foundation Server - Remote Code Execution via Improper Input Validation

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.1591
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
microsoft/azure_devops_server 2019 update1
microsoft/azure_devops_server 2019.0.1
microsoft/team_foundation_server 2018 3.2
Published Sep 11, 2019
Tracked Since Feb 18, 2026