CVE-2019-0971

2019-05-1618:24:57

microsoft

www.cve.org

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka ‘Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability’.

CNA Affected

[
  {
    "product": "Team Foundation Server 2018",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Update 3.2"
      }
    ]
  },
  {
    "product": "Azure DevOps Server",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2019"
      }
    ]
  }
]