CISA adds SharePoint vulnerability to its KEV Catalog

The US CISA has added a Microsoft SharePoint vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.

CVE-2024-38094 

Microsoft SharePoint contains a deserialization vulnerability, with a CVSS score of 7.2, that allows for remote code execution. An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute it in the context of SharePoint Server.

CISA has set November 12, 2024, as the remediation deadline for federal agencies.
