Microsoft SharePoint Vulnerability Added in CISA Known Exploits - 20241024002¶
Overview¶
The WA SOC has been made aware of a vulnerability in Microsoft SharePoint deserialisation that allows remote code execution. A threat actor with Site Owner access could use this vulnerability to inject and execute arbitrary code within SharePoint Server.
What is vulnerable?¶
Product(s) | Versions | CVE # | Severity | CVSS |
---|---|---|---|---|
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition |
16.0.0 \< 16.0.5456.1000 16.0.0 \< 16.0.10412.20001 16.0.0 \< 16.0.17328.20424 |
CVE-2024-38094 | High | 7.2 |
What has been observed?¶
There are currently no reports of these vulnerabilities being exploited in the wild at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours (refer Patch Management):
- SharePoint Server 2024 https://support.microsoft.com/help/5002606
- SharePoint Server 2019 https://support.microsoft.com/help/5002615
- SharePoint Server 2016 https://support.microsoft.com/help/5002618