Security News > 2024 > October > CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
2024-10-23 12:54
A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result
News URL
https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html
Related news
- CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (source)
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability (source)
- Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Qualcomm zero-day under targeted exploitation (CVE-2024-43047) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-38094 | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Remote Code Execution Vulnerability | 7.2 |