Security News > 2024 > October > CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
2024-10-23 12:54
A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result
News URL
https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html
Related news
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- CISA shares guidance for Microsoft expanded logging capabilities (source)
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-38094 | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Remote Code Execution Vulnerability | 0.0 |