Jul 2019:
CVE-2019-1072 Published on July 15, 2019

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.

NVD

Products Associated with CVE-2019-1072

stack.watch emails you whenever new vulnerabilities are published in Microsoft Team Foundation Server or Microsoft Azure Devops Server. Just hit a watch button to start following.

Microsoft Team Foundation Server

Microsoft Azure Devops Server

Affected Versions

Microsoft Team Foundation Server 2012:

Version Update 4 is affected.

Microsoft Team Foundation Server 2013 Update 5:

Version unspecified is affected.

Microsoft Team Foundation Server 2018:

Version Update 1.2 is affected.
Version Update 3.2 is affected.

Microsoft Team Foundation Server:

Version 2017 Update 3.1 is affected.

Microsoft Team Foundation Server 2015:

Version Update 4.2 is affected.

Microsoft Azure DevOps Server:

Version 2019.0.1 is affected.

Microsoft Team Foundation Server 2010:

Version SP1 (x86) is affected.
Version SP1 (x64) is affected.

Exploit Probability

EPSS

24.11%

Percentile

95.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jul 2019: CVE-2019-1072 Published on July 15, 2019

Products Associated with CVE-2019-1072

Affected Versions

Exploit Probability

Jul 2019:
CVE-2019-1072 Published on July 15, 2019