7.2

CVE-2024-38094

Warning

Microsoft SharePoint Remote Code Execution Vulnerability

Data is provided by the National Vulnerability Database (NVD)
MicrosoftSharepoint Server Version- SwEditionsubscription
MicrosoftSharepoint Server Version2016 SwEditionenterprise
MicrosoftSharepoint Server Version2019

22.10.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft SharePoint Deserialization Vulnerability

Vulnerability

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 80.79% 0.991
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
secure@microsoft.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.