Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 12, 2024

CVE-2024-38094

High
EPSS 64.3%CISA KEVRansomware
Microsoft/SharePoint

Description

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

EPSS — Exploit Probability

64.3%

Higher than 98.4% of all CVEs

Required Action

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094

Risk Assessment

CRITICAL
In CISA KEV
High EPSS
Ransomware

Details

Severity
High
EPSS
64.3%
CISA KEV
Yes
Ransomware
Known
Articles
0

Timeline

Published

Oct 22, 2024

Added to KEV

Oct 22, 2024

Remediation Due

Nov 12, 2024

Affected Product

Microsoft

SharePoint

View all Microsoft CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE