Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
2024-03-28 10:20

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal civilian agencies implement the patch for it by April 16. As per usual, details about the attack in which the flaw is leveraged have not been shared.

About CVE-2023-24955 and CVE-2023-29357

CVE-2023-24955 and CVE-2023-29357, a …

The post Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/03/28/cve-2023-24955-exploited/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019. Microsoft SharePoint Server Elevation of Privilege Vulnerability (network, low complexity, microsoft) | critical 9.8 |
| 2023-05-09 | CVE-2023-24955 | Code Injection vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server. Microsoft SharePoint Server Remote Code Execution Vulnerability (network, low complexity, microsoft, CWE-94) | 7.2 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5128 264 7775