CVE-2024-38094
7.2HIGHMicrosoft SharePoint Remote Code Execution Vulnerability
Published: 7/9/2024Updated: 10/28/2025
CISA Known Exploited Vulnerability
Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
Required Action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date:
2024-11-12
Known Ransomware Use
Description
Microsoft SharePoint Remote Code Execution Vulnerability
AI AnalysisPowered by AI
Affected Products
microsoftsharepoint_server
-
microsoftsharepoint_server
2016
microsoftsharepoint_server
2019
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094PatchVendor Advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094PatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38094US Government Resource