All the vulnerabilites related to Microsoft - Team Foundation Server
cve-2019-0866
Vulnerability from cvelistv5
Published
2019-04-09 20:19
Modified
2024-08-04 17:58
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server 2018 Version: Update 1.2
Version: Update 3.2
Microsoft Azure DevOps Server Version: 2019
Microsoft Team Foundation Server 2015 Version: Update 4.2
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:59.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866"
          },
          {
            "name": "107749",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2015",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T22:06:03",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866"
        },
        {
          "name": "107749",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0866",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2015",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866"
            },
            {
              "name": "107749",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0866",
    "datePublished": "2019-04-09T20:19:48",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:59.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0979
Vulnerability from cvelistv5
Published
2019-05-16 18:24
Modified
2024-08-04 18:06
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server 2018 Version: Update 1.2
Version: Update 3.2
Microsoft Azure DevOps Server Version: 2019
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:29.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0872."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-16T18:24:57",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0979",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0872."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0979",
    "datePublished": "2019-05-16T18:24:57",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:29.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0872
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server 2018 Version: Update 1.2
Version: Update 3.2
Microsoft Azure DevOps Server Version: 2019
Microsoft Team Foundation Server 2015 Version: Update 4.2
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:59.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2015",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0979."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-16T18:17:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0872",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2015",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0979."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0872",
    "datePublished": "2019-05-16T18:17:01",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:59.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-0758
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:11
Severity ?
Summary
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server Version: 2017 Update 3.1
Microsoft Azure DevOps Server Version: 2019.0.1
Microsoft Azure DevOps Server 2019 Version: Update 1
Microsoft Azure DevOps Server 2019 Update 1.1 Version: unspecified
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:05.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019.0.1"
            }
          ]
        },
        {
          "product": "Azure DevOps Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1"
            }
          ]
        },
        {
          "product": "Azure DevOps Server 2019 Update 1.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-12T15:48:05",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0758",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server 2019 Update 1.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-0758",
    "datePublished": "2020-03-12T15:48:05",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:11:05.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0870
Vulnerability from cvelistv5
Published
2019-04-09 20:20
Modified
2024-08-04 17:58
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server 2018 Version: Update 1.2
Version: Update 3.2
Microsoft Azure DevOps Server Version: 2019
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:59.581Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
          },
          {
            "name": "107754",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107754"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T21:06:06",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
        },
        {
          "name": "107754",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107754"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
            },
            {
              "name": "107754",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107754"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0870",
    "datePublished": "2019-04-09T20:20:34",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:59.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-0700
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:11
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server 2018 Version: Update 3.2
Version: Update 1.2
Microsoft Team Foundation Server Version: 2017 Update 3.1
Microsoft Azure DevOps Server 2019 Version: Update 1
Microsoft Azure DevOps Server 2019 Update 1.1 Version: unspecified
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:05.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019.0.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 3.2"
            },
            {
              "status": "affected",
              "version": "Update 1.2"
            }
          ]
        },
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Azure DevOps Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1"
            }
          ]
        },
        {
          "product": "Azure DevOps Server 2019 Update 1.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-12T15:48:04",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0700",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 3.2"
                          },
                          {
                            "version_value": "Update 1.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server 2019 Update 1.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-0700",
    "datePublished": "2020-03-12T15:48:04",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:11:05.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0868
Vulnerability from cvelistv5
Published
2019-04-09 20:19
Modified
2024-08-04 17:58
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server 2018 Version: Update 1.2
Version: Update 3.2
Microsoft Azure DevOps Server Version: 2019
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:59.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868"
          },
          {
            "name": "107753",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107753"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T22:06:03",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868"
        },
        {
          "name": "107753",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107753"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868"
            },
            {
              "name": "107753",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107753"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0868",
    "datePublished": "2019-04-09T20:19:48",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:59.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1305
Vulnerability from cvelistv5
Published
2019-09-11 21:25
Modified
2024-08-04 18:13
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server 2018 Version: Update 1.2
Version: Update 3.2
Microsoft Team Foundation Server 2015 Version: Update 4.2
Microsoft Azure DevOps Server Version: 2019.0.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:13:30.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2015",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 4.2"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-11T21:25:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1305",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2015",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 4.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1305",
    "datePublished": "2019-09-11T21:25:01",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:13:30.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1072
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
Summary
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server 2013 Update 5 Version: unspecified
Microsoft Team Foundation Server 2018 Version: Update 1.2
Version: Update 3.2
Microsoft Team Foundation Server Version: 2017 Update 3.1
Microsoft Team Foundation Server 2015 Version: Update 4.2
Microsoft Azure DevOps Server Version: 2019.0.1
Microsoft Team Foundation Server 2010 Version: SP1 (x86)
Version: SP1 (x64)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:31.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 4"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2015",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 4.2"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019.0.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2010",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "SP1 (x86)"
            },
            {
              "status": "affected",
              "version": "SP1 (x64)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka \u0027Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-15T18:56:20",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1072",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server 2012",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2013 Update 5",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2015",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 4.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2010",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SP1 (x86)"
                          },
                          {
                            "version_value": "SP1 (x64)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka \u0027Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1072",
    "datePublished": "2019-07-15T18:56:20",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:31.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0871
Vulnerability from cvelistv5
Published
2019-04-09 20:20
Modified
2024-08-04 17:58
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server 2018 Version: Update 1.2
Version: Update 3.2
Microsoft Azure DevOps Server Version: 2019
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:59.894Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
          },
          {
            "name": "107755",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107755"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        },
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Azure DevOps Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T21:06:06",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
        },
        {
          "name": "107755",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107755"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0871",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Azure DevOps Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
            },
            {
              "name": "107755",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107755"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0871",
    "datePublished": "2019-04-09T20:20:34",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:59.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0777
Vulnerability from cvelistv5
Published
2019-04-09 02:07
Modified
2024-08-04 17:58
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Impacted products
Vendor Product Version
Microsoft Team Foundation Server Version: 2017 Update 3.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:57.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team Foundation Server 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Update 1.2"
            },
            {
              "status": "affected",
              "version": "Update 3.2"
            }
          ]
        },
        {
          "product": "Team Foundation Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Update 3.1"
            }
          ]
        }
      ],
      "datePublic": "2019-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T02:07:26",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0777",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team Foundation Server 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Update 1.2"
                          },
                          {
                            "version_value": "Update 3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Team Foundation Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Update 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0777",
    "datePublished": "2019-04-09T02:07:26",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:57.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}