KLA11404
Multiple vulnerabilities in Microsoft Development Tools

Обновлено: 03/06/2020
Дата обнаружения
15/01/2019
Уровень угрозы
Warning
Описание

Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, perform cross-site scripting attacks.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability in Team Foundation Server can be exploited remotely via specially crafted request to perform cross-site scripting attacks;
  2. An information disclosure vulnerability in Team Foundation Server can be exploited remotely to obtain sensitive information.
Пораженные продукты

Team Foundation Server 2018 Updated 1.2
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2018 Update 3.2

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2019-0646
CVE-2019-0647
Оказываемое влияние
?
OSI 
[?]
Связанные продукты
Team Foundation Server
CVE-IDS
CVE-2019-06463.5Warning
CVE-2019-06474.0Warning