Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Team by Microsoft

    CVE-2019-0647 (GCVE-0-2019-0647)

    Vulnerability from nvd – Published: 2019-01-17 18:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Team Affected: Foundation Server 2017 Update 3.1
    Affected: Foundation Server 2018 Update 1.2
    Affected: Foundation Server 2018 Update 3.2
    Create a notification for this product.
    Date Public
    2019-01-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106650",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106650"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Team",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Foundation Server 2017 Update 3.1"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 1.2"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3.2"
                }
              ]
            }
          ],
          "datePublic": "2019-01-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-19T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106650",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106650"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Team",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Foundation Server 2017 Update 3.1"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 1.2"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106650",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106650"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0647",
        "datePublished": "2019-01-17T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:26.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0646 (GCVE-0-2019-0646)

    Vulnerability from nvd – Published: 2019-01-17 18:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Team Affected: Foundation Server 2018 Update 3.2
    Create a notification for this product.
    Date Public
    2019-01-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106651",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106651"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0646"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Team",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3.2"
                }
              ]
            }
          ],
          "datePublic": "2019-01-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \"Team Foundation Server Cross-site Scripting Vulnerability.\" This affects Team."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-19T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106651",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106651"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0646"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0646",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Team",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Foundation Server 2018 Update 3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \"Team Foundation Server Cross-site Scripting Vulnerability.\" This affects Team."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106651",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106651"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0646",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0646"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0646",
        "datePublished": "2019-01-17T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8529 (GCVE-0-2018-8529)

    Vulnerability from nvd – Published: 2018-11-15 19:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Team Affected: Foundation Server 2018 Update 1.1
    Affected: Foundation Server 2018 Update 3
    Create a notification for this product.
    Date Public
    2018-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:24.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529"
              },
              {
                "name": "105910",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Team",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 1.1"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3"
                }
              ]
            }
          ],
          "datePublic": "2018-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka \"Team Foundation Server Remote Code Execution Vulnerability.\" This affects Team."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-16T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529"
            },
            {
              "name": "105910",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105910"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8529",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Team",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Foundation Server 2018 Update 1.1"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka \"Team Foundation Server Remote Code Execution Vulnerability.\" This affects Team."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529"
                },
                {
                  "name": "105910",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105910"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8529",
        "datePublished": "2018-11-15T19:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:24.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8602 (GCVE-0-2018-8602)

    Vulnerability from nvd – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Team Affected: Foundation Server 2017 Update 3.1
    Affected: Foundation Server 2018 Update 1.1
    Affected: Foundation Server 2018 Update 3
    Affected: Foundation Server 2018 Update 3.1
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105895",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8602"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Team",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Foundation Server 2017 Update 3.1"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 1.1"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3.1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \"Team Foundation Server Cross-site Scripting Vulnerability.\" This affects Team."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105895",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8602"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8602",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Team",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Foundation Server 2017 Update 3.1"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 1.1"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 3"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \"Team Foundation Server Cross-site Scripting Vulnerability.\" This affects Team."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105895",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105895"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8602",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8602"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8602",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0646 (GCVE-0-2019-0646)

    Vulnerability from cvelistv5 – Published: 2019-01-17 18:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Team Affected: Foundation Server 2018 Update 3.2
    Create a notification for this product.
    Date Public
    2019-01-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106651",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106651"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0646"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Team",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3.2"
                }
              ]
            }
          ],
          "datePublic": "2019-01-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \"Team Foundation Server Cross-site Scripting Vulnerability.\" This affects Team."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-19T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106651",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106651"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0646"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0646",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Team",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Foundation Server 2018 Update 3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \"Team Foundation Server Cross-site Scripting Vulnerability.\" This affects Team."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106651",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106651"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0646",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0646"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0646",
        "datePublished": "2019-01-17T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0647 (GCVE-0-2019-0647)

    Vulnerability from cvelistv5 – Published: 2019-01-17 18:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Team Affected: Foundation Server 2017 Update 3.1
    Affected: Foundation Server 2018 Update 1.2
    Affected: Foundation Server 2018 Update 3.2
    Create a notification for this product.
    Date Public
    2019-01-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106650",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106650"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Team",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Foundation Server 2017 Update 3.1"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 1.2"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3.2"
                }
              ]
            }
          ],
          "datePublic": "2019-01-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-19T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106650",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106650"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Team",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Foundation Server 2017 Update 3.1"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 1.2"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106650",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106650"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0647",
        "datePublished": "2019-01-17T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:26.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8529 (GCVE-0-2018-8529)

    Vulnerability from cvelistv5 – Published: 2018-11-15 19:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Team Affected: Foundation Server 2018 Update 1.1
    Affected: Foundation Server 2018 Update 3
    Create a notification for this product.
    Date Public
    2018-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:24.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529"
              },
              {
                "name": "105910",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105910"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Team",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 1.1"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3"
                }
              ]
            }
          ],
          "datePublic": "2018-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka \"Team Foundation Server Remote Code Execution Vulnerability.\" This affects Team."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-16T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529"
            },
            {
              "name": "105910",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105910"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8529",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Team",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Foundation Server 2018 Update 1.1"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka \"Team Foundation Server Remote Code Execution Vulnerability.\" This affects Team."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529"
                },
                {
                  "name": "105910",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105910"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8529",
        "datePublished": "2018-11-15T19:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:24.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8602 (GCVE-0-2018-8602)

    Vulnerability from cvelistv5 – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Team Affected: Foundation Server 2017 Update 3.1
    Affected: Foundation Server 2018 Update 1.1
    Affected: Foundation Server 2018 Update 3
    Affected: Foundation Server 2018 Update 3.1
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105895",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8602"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Team",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Foundation Server 2017 Update 3.1"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 1.1"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3"
                },
                {
                  "status": "affected",
                  "version": "Foundation Server 2018 Update 3.1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \"Team Foundation Server Cross-site Scripting Vulnerability.\" This affects Team."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105895",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8602"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8602",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Team",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Foundation Server 2017 Update 3.1"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 1.1"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 3"
                              },
                              {
                                "version_value": "Foundation Server 2018 Update 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \"Team Foundation Server Cross-site Scripting Vulnerability.\" This affects Team."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105895",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105895"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8602",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8602"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8602",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }