CVE-2018-8529

4 documents4 sources

Severity

9.8CRITICAL

EPSS

29.6%

top 3.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Team Microsoft Team Foundation Server

Timeline

PublishedNov 15

Latest updateMay 13

Description

A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/team_foundation_server2018

▶CVEListV5microsoft/teamFoundation Server 2018 Update 1.1, Foundation Server 2018 Update 3+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-g635-3cv2-g7jq: A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TF↗2022-05-13

▶

CVEList

CVE-2018-8529: A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TF↗2018-11-15

▶

📋Vendor Advisories

Microsoft

Team Foundation Server Remote Code Execution Vulnerability↗2018-11-13

▶