CVE-2018-8529 - A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic

CVE-2018-8529

Summary

A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:team_foundation_server:2018:1.1:*:*:*:*:*:*
cpe:2.3:a:microsoft:team_foundation_server:2018:1.1:*:*:*:*:*:*
cpe:2.3:a:microsoft:team_foundation_server:2018:3:*:*:*:*:*:*
cpe:2.3:a:microsoft:team_foundation_server:2018:3:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	105910
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529

Last major update

03-10-2019 - 00:03

Published

15-11-2018 - 19:29

Last modified

03-10-2019 - 00:03