{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T08:42:09.265","vulnerabilities":[{"cve":{"id":"CVE-2019-1306","sourceIdentifier":"secure@microsoft.com","published":"2019-09-11T22:15:19.307","lastModified":"2024-11-21T04:36:26.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'."},{"lang":"es","value":"Se presenta una vulnerabilidad de ejecución de código remota cuando Azure DevOps Server (ADO) y Team Foundation Server (TFS) no pueden comprobar la entrada apropiadamente, también se conoce como \"Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*","matchCriteriaId":"5296DF6D-D32A-4D70-9A32-441750704C9A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*","matchCriteriaId":"68601DE4-2392-42CD-8A89-720BDF100230"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*","matchCriteriaId":"CE7EFADB-24D4-4DB7-A9E5-9C93F1286232"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}