All the vulnerabilites related to Microsoft - Team Foundation Server 2010
cve-2019-1072
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
Summary
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:31.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 4"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2015",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 4.2"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019.0.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2010",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "SP1 (x86)"
            },
            {
              "status": "affected",
              "version": "SP1 (x64)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka \u0027Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-15T18:56:20",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1072",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server 2012",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2013 Update 5",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2015",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 4.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2010",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SP1 (x86)"
                          },
                          {
                            "version_value": "SP1 (x64)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka \u0027Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1072",
    "datePublished": "2019-07-15T18:56:20",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:31.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}