Main Vulnerability Database Vulnerabilities #VU36008

#VU36008 Input validation error in Azure DevOps Server - CVE-2019-0857

Published: April 9, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU36008

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-0857

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Azure DevOps Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/107760
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0857

#VU36008 Input validation error in Azure DevOps Server - CVE-2019-0857

Description

Remediation

External links

Please verify you're human