KLA11404
Multiple vulnerabilities in Microsoft Development Tools
Updated: 06/26/2019
Detect date
?
01/15/2019
Severity
?
Warning
Description

Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, perform cross-site scripting attacks.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability in Team Foundation Server can be exploited remotely via specially crafted request to perform cross-site scripting attacks;
  2. An information disclosure vulnerability in Team Foundation Server can be exploited remotely to obtain sensitive information.
Affected products

Team Foundation Server 2018 Updated 1.2
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2018 Update 3.2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-0646
CVE-2019-0647

Impacts
?
OSI 
[?]
Related products
Team Foundation Server
CVE-IDS
?
Microsoft official advisories
Microsoft Security Update Guide