// For flags

CVE-2024-38094

Microsoft SharePoint Deserialization Vulnerability

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

Microsoft SharePoint Remote Code Execution Vulnerability

Vulnerabilidad de ejecución remota de código de Microsoft SharePoint

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Act
Exploitation
Active
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-06-11 CVE Reserved
  • 2024-07-09 CVE Published
  • 2024-07-10 First Exploit
  • 2024-10-22 CVE Updated
  • 2024-10-22 Exploited in Wild
  • 2024-11-11 EPSS Updated
  • 2024-11-12 KEV Due Date
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Sharepoint Server
Search vendor "Microsoft" for product "Sharepoint Server"
-subscription
Affected
Microsoft
Search vendor "Microsoft"
 Sharepoint Server
Search vendor "Microsoft" for product "Sharepoint Server"
 2016
Search vendor "Microsoft" for product "Sharepoint Server" and version "2016"
enterprise
Affected
Microsoft
Search vendor "Microsoft"
 Sharepoint Server
Search vendor "Microsoft" for product "Sharepoint Server"
 2019
Search vendor "Microsoft" for product "Sharepoint Server" and version "2019"
-
Affected