Security News > 2024 > January > Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
2024-01-12 06:35
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain
News URL
https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html
Related news
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins (source)
- CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices (source)
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed (source)
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 9.8 |