Description
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, cause denial of service, gain privileges.
Below is a complete list of vulnerabilities:
- A cross-site-scripting (XSS) vulnerability Azure DevOps Server and Team Foundation Server can be exploited remotely via specially crafted payload to spoof user interface.
- A cross-site-scripting (XSS) vulnerability Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.
- Unspecified Microsoft Azure can be exploited remotely to spoof user interface.
- An information disclosure vulnerability in Open Enclave SDK can be exploited remotely to obtain sensitive information.
- A denial of service vulnerability in ASP.NET Core can be exploited remotely via specially crafted requests to cause denial of service.
- An elevation of privilege vulnerability in Azure DevOps Server can be exploited remotely via specially crafted request to gain privileges.
- A spoofing vulnerability in Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.
Original advisories
- CVE-2019-0874
- CVE-2019-0869
- CVE-2019-0876
- CVE-2019-0867
- CVE-2019-0866
- CVE-2019-0815
- CVE-2019-0871
- CVE-2019-0875
- CVE-2019-0857
- CVE-2019-0868
Related products
CVE list
- CVE-2019-0868 warning
- CVE-2019-0876 warning
- CVE-2019-0870 warning
- CVE-2019-0874 warning
- CVE-2019-0869 warning
- CVE-2019-0867 warning
- CVE-2019-0875 warning
- CVE-2019-0866 warning
- CVE-2019-0815 warning
- CVE-2019-0857 warning
- CVE-2019-0871 warning
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!