{"api_version":"1","generated_at":"2026-05-15T09:16:13+00:00","cve":"CVE-2018-8529","urls":{"html":"https://cve.report/CVE-2018-8529","api":"https://cve.report/api/cve/CVE-2018-8529.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8529","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8529"},"summary":{"title":"CVE-2018-8529","description":"A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka \"Team Foundation Server Remote Code Execution Vulnerability.\" This affects Team.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2018-11-15 19:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105910","name":"105910","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Team Foundation Server CVE-2018-8529 Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8529","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8529","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8529","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"team_foundation_server","cpe6":"2018","cpe7":"1.1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8529","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"team_foundation_server","cpe6":"2018","cpe7":"3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8529","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"team_foundation_server","cpe6":"2018","cpe7":"1.1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8529","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"team_foundation_server","cpe6":"2018","cpe7":"3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2018-8529","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Team","version":{"version_data":[{"version_value":"Foundation Server 2018 Update 1.1"},{"version_value":"Foundation Server 2018 Update 3"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka \"Team Foundation Server Remote Code Execution Vulnerability.\" This affects Team."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Remote Code Execution"}]}]},"references":{"reference_data":[{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529"},{"name":"105910","refsource":"BID","url":"http://www.securityfocus.com/bid/105910"}]}},"nvd":{"publishedDate":"2018-11-15 19:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:team_foundation_server:2018:1.1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:team_foundation_server:2018:3:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8529","Ordinal":"124884","Title":"CVE-2018-8529","CVE":"CVE-2018-8529","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8529","Ordinal":"1","NoteData":"A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka \"Team Foundation Server Remote Code Execution Vulnerability.\" This affects Team.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8529","Ordinal":"2","NoteData":"2018-11-15","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8529","Ordinal":"3","NoteData":"2018-11-16","Type":"Other","Title":"Modified"}]}}}