⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-11-12.

CVE-2024-38094 — Deserialization of Untrusted Data in Microsoft Sharepoint Enterprise Server 2016

CWE-502 — Deserialization of Untrusted Data9 documents8 sources

Severity

7.2HIGHNVD

EPSS

64.3%

top 1.55%

CISA KEV

KEVRansomware

Added 2024-10-22

Due 2024-11-12

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition +1 more

Timeline

PublishedJul 9

KEV addedOct 22

Latest updateNov 6

KEV dueNov 12

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5microsoft/microsoft_sharepoint_server_201916.0.0 — 16.0.10412.20001

▶CVEListV5microsoft/microsoft_sharepoint_enterprise_server_201616.0.0 — 16.0.5456.1000

▶CVEListV5microsoft/microsoft_sharepoint_server_subscription_edition16.0.0 — 16.0.17328.20424

▶NVDmicrosoft/sharepoint_server2016, 2019+1

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-whmw-hq6p-c3w4: Microsoft SharePoint Remote Code Execution Vulnerability↗2024-07-09

▶

CVEList

Microsoft SharePoint Remote Code Execution Vulnerability↗2024-07-09

▶

VulnCheck

Microsoft SharePoint Deserialization Vulnerability↗2024

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Microsoft Sharepoint BDCM File Creation (CVE-2024-38094)↗2024-11-06

▶

Suricata

ET WEB_SPECIFIC_APPS Microsoft Sharepoint BDCM Execution (CVE-2024-38094)↗2024-11-06

▶

📋Vendor Advisories

CISA

Microsoft SharePoint Deserialization Vulnerability↗2024-10-22

▶

Microsoft

Microsoft SharePoint Remote Code Execution Vulnerability↗2024-07-09

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft SharePoint RCE bug exploited to breach corporate network↗2024-11-02

▶