VDB
CVE-2019-1072
CVE-2019-1072
PUBLISHED
CVSS 7.5 HIGH
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
EPSS 24.11% · 96.2th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
24.11%
96.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Team Foundation Server 2013 Update 5 | unspecified |
| Microsoft | Team Foundation Server 2015 | Update 4.2 |
| microsoft | team_foundation_server | 2017, 2018, 2018 |
| Microsoft | Team Foundation Server 2018 | Update 3.2, Update 1.2 |
| Microsoft | Team Foundation Server 2012 | Update 4 |
| Microsoft | Team Foundation Server 2010 | SP1 (x64), SP1 (x86) |
| Microsoft | Azure DevOps Server | 2019.0.1 |
| microsoft | azure_devops_server | 2019.0.1 |
| Microsoft | Team Foundation Server | 2017 Update 3.1 |
Exploit Intelligence
Timeline
- Jul 10, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Mar 8, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 9, 2023 EPSS Score
- Mar 11, 2023 EPSS Score