CVE-2019-1072

Public PoC / Exploit (1)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.

Weaknesses (CWE)

CWE-20

Affected Products (8)

microsoft · team_foundation_servervulnerable

microsoft · azure_devops_servervulnerable

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072

PatchVendor Advisory