Multiple vulnerabilities in Microsoft Developer Tools

Описание

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

1. A cross-site-scripting (XSS) vulnerability Azure DevOps Server and Team Foundation Server can be exploited remotely via specially crafted payload to spoof user interface.
2. A cross-site-scripting (XSS) vulnerability Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.
3. Unspecified Microsoft Azure can be exploited remotely to spoof user interface.
4. An information disclosure vulnerability in Open Enclave SDK can be exploited remotely to obtain sensitive information.
5. A denial of service vulnerability in ASP.NET Core can be exploited remotely via specially crafted requests to cause denial of service.
6. An elevation of privilege vulnerability in Azure DevOps Server can be exploited remotely via specially crafted request to gain privileges.
7. A spoofing vulnerability in Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.

Первичный источник обнаружения

• CVE-2019-0870
  CVE-2019-0874
  CVE-2019-0869
  CVE-2019-0876
  CVE-2019-0867
  CVE-2019-0866
  CVE-2019-0815
  CVE-2019-0871
  CVE-2019-0875
  CVE-2019-0857
  CVE-2019-0868
  

Связанные продукты

• Team-Foundation-Server
• Microsoft-Azure

Список CVE

• CVE-2019-0868
  warning
• CVE-2019-0876
  warning
• CVE-2019-0870
  warning
• CVE-2019-0874
  warning
• CVE-2019-0869
  warning
• CVE-2019-0867
  warning
• CVE-2019-0875
  warning
• CVE-2019-0866
  warning
• CVE-2019-0815
  warning
• CVE-2019-0857
  warning
• CVE-2019-0871
  warning

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com