KLA11404
Multiple vulnerabilities in Microsoft Development Tools

Updated: 06/03/2020

Detect date ?	01/15/2019
Severity ?	Warning
Description	Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, perform cross-site scripting attacks. Below is a complete list of vulnerabilities: A cross-site-scripting (XSS) vulnerability in Team Foundation Server can be exploited remotely via specially crafted request to perform cross-site scripting attacks; An information disclosure vulnerability in Team Foundation Server can be exploited remotely to obtain sensitive information.
Affected products	Team Foundation Server 2018 Updated 1.2 Team Foundation Server 2017 Update 3.1 Team Foundation Server 2018 Update 3.2
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2019-0646 CVE-2019-0647
Impacts ?	OSI [?]
Related products	Team Foundation Server
CVE-IDS ?	CVE-2019-06463.5Warning CVE-2019-06474.0Warning
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA11404Multiple vulnerabilities in Microsoft Development Tools