CVE-2024-38094 — Microsoft SharePoint Deserialization Vulnerability

2024-10-22 • CISA Known Exploited Vulnerability

[event] Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

> AFFECTED SOFTWARE

Field	Value
Vendor	Microsoft
Product	SharePoint
CWE	CWE-502
CVE ID	CVE-2024-38094
Date Added	2024-10-22
Due Date	2024-11-12
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-11-12