⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-04-16.
CVE-2023-24955 — Code Injection in Microsoft Sharepoint Enterprise Server 2016
Severity
7.2HIGHNVD
EPSS
91.6%
top 0.32%
CISA KEV
KEVRansomware
Added 2024-03-26
Due 2024-04-16
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMay 9
KEV addedMar 26
KEV dueApr 16
Latest updateNov 6
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9