Overview
- Description
- Microsoft SharePoint Remote Code Execution Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Known exploits
Data from CISA
- Vulnerability name
- Microsoft SharePoint Deserialization Vulnerability
- Exploit added on
- Oct 22, 2024
- Exploit action due
- Nov 12, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Social media
- Hype score
- Not currently trending
SharePoint の 脆弱性 CVE-2024-38094:PoC 悪用による企業ネットワークへの侵入を観測 https://t.co/GtqET2Wv0H #CISA #CyberAttack #DataBreach #Exchange #Exploit #Government #HoroungAntivirus #KEV #MicrosoftExchange #MicrosoftSharePoint #PoCExploit #Ransomware #Rapid7
@iototsecnews
12 Nov 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
11 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
10 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
In the latest episode of IT SPARC Cast, @John_Video and @LouDogGeek dive into the latest in IT security and automation. They cover TP-Link devices forming a massive botnet, GitHub’s AI-powered Spark for micro app creation, and a critical SharePoint vulnerability (CVE-2024-38094)…
@ITSPARCCast
8 Nov 2024
71 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2024-38094
@transilienceai
8 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨CVE-2024-38094 in Microsoft SharePoint is a critical RCE vulnerability that allows unauthorized access to systems. Details + prevention methods + SOC Practice and TTPs in this week's #GOTOCVE program! 🔗https://t.co/ASCK0vKJ8v #CVE2024 #MicrosoftSharePoint #CyberSecurity
@soltanali0
7 Nov 2024
167 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
We added #Microsoft #SharePoint deserialization vulnerability CVE-2024-38094 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/xkvXcYkRFY & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/myYuCCBQWd
@Scam_refundhq
7 Nov 2024
31 Impressions
6 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Exploiting SharePoint RCE Vulnerability to Compromise Entire Domain: https://t.co/DOM3CiyDYO Hackers exploited CVE-2024-38094, a critical RCE vulnerability in Microsoft SharePoint, to compromise an entire domain, remaining undetected for two weeks. They deployed a… https
@securityRSS
6 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SharePoint : la CVE-2024-38094 exploitée dans des cyberattaques https://t.co/oPCbT1rken
@pcsphere_
6 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
5 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft SharePointのRCE脆弱性、企業ネットワークの侵害目的で悪用される:CVE-2024-38094 https://t.co/5QNlqkCpWz #izumino_trend
@sec_trend
5 Nov 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 La vulnérabilité CVE-2024-38094 présente dans SharePoint a été exploitée pour s'introduire dans le réseau des entreprises ! 👉 Plus d'infos dans notre article : https://t.co/khhPHnKIgx #sharepoint #cybersecurite #microsoft https://t.co/khhPHnKIgx
@ITConnect_fr
5 Nov 2024
1034 Impressions
7 Retweets
9 Likes
4 Bookmarks
0 Replies
0 Quotes
🔎 Exploitation of CVE-2024-38094, a recent RCE vuln disclosed in Microsoft #SharePoint, has been observed in the wild – granting attackers initial access to corporate networks. @BleepinComputer cites Rapid7's analysis & timeline in a new piece ⤵️ https://t.co/6f4Hsjd5rq
@rapid7
4 Nov 2024
2343 Impressions
8 Retweets
17 Likes
8 Bookmarks
0 Replies
1 Quote
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. https://t.co/5526QrVYnO
@blackwired32799
4 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePoint Vulnerability Leads To Exploitation Of Entire Corporate Network Corporate networks are being initially accessed through the exploitation of CVE-2024-38094. As part of the July Patch Tuesday package, https://t.co/Ow045km1K9
@MrRajputHacker
4 Nov 2024
1351 Impressions
4 Retweets
16 Likes
8 Bookmarks
1 Reply
0 Quotes
برای محصول Microsoft SharePoint آسیب پذیری با کد شناسایی CVE-2024-38094 و از نوع RCE منتشر شده است. Sharepoint یک پلتفرم وب برای شبکه های داخلی و intranet می باشد. نمره این آسیب پذیری 7.2 بوده و توسط CISA نیز به عنوان تهدیدات شناخته شده معرفی شده است. https://t.co/Y2P1U3epiq ht
@AmirHossein_sec
4 Nov 2024
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
「SharePoint」 脆弱性 CVE-2024-38094、今年 7 月の Patch パッケージですでに修正されているのね…。 https://t.co/sG0KSdp3Mg
@EnergyObject
4 Nov 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. https://t.co/wiaJXu6y5G #rhymtech #thinkcyberthinkrhym #rhymcyberupdates
@Rhym_Tech
4 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
4 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft SharePoint RCE bug exploited to breach corporate network. A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. https://t.co/XK4YxEirKU https://t.co/
@riskigy
3 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ITSecurity CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint that affects some versions of SharePoint Server. seems that a few have not patched their systems (maybe because only rated a 7?) and systems are getting hacked via this vector.
@seaarepea
3 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-38094 is being exploited to gain initial access to corporate networks. The attacker installed Horoung AV, this caused a conflict that disabled security on the compromised device and allowed the attacker to laterally move Links in next post 👇 https://t.co/6JU1le3bsj
@Malcoreio
3 Nov 2024
950 Impressions
2 Retweets
20 Likes
3 Bookmarks
1 Reply
1 Quote
آسیب پذیری CVE-2024-38094 در مایکروسافت شیرپوینت مورد سوء استفاده قرار گرفت! https://t.co/K9FVkXGkL8
@vulnerbyte
3 Nov 2024
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#NEW #SHARE Microsoft SharePoint RCE bug exploited to breach corporate network. A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. https://t.co/ndply4EqNf
@CyberSysblue
3 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePoint RCE Vulnerability: A Comedy of Errors in Corporate Security Hot Take: Microsoft SharePoint is currently the star of a horror movie where the villain is a high-severity RCE vulnerability known as CVE-2024-38094. It's like the bad guy that's always one step…
@TheNimbleNerd
3 Nov 2024
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover the critical Microsoft SharePoint remote code execution vulnerability (CVE-2024-38094) that's been exploited to breach corporate networks. Stay informed about the implications and protective measures in our latest blog post. Read more at https://t.co/g6hO8ON37A.
@trubetech
2 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Vulnerabilidad en SharePoint abre la puerta a intrusos en redes corporativas Un fallo de ejecución remota de código (RCE) conocido como CVE-2024-38094 permite que atacantes accedan sin permiso a redes empresariales a través de Microsoft SharePoint. Microsoft lanzó un parch
@CycuraMX
2 Nov 2024
443 Impressions
1 Retweet
7 Likes
3 Bookmarks
0 Replies
0 Quotes
Microsoft Sharepoint Server CVE-2024-38094 Exploited #Microsoft #SharePoint #CVE-2024-38094 #ActiveExploitation https://t.co/fGuJN5bbsT
@pravin_karthik
1 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Rapid7's Incident Response team uncovered a serious breach in which an attacker exploited a vulnerability in the on-premise SharePoint server (CVE-2024-38094) to gain unauthorized access. 🚨 Read more 🔎>> https://t.co/H3FZJhtd7m #CyberSecurity #Microsoft #SharePoint #Data
@CyberNodeAU
1 Nov 2024
92 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2024-38094 Exploited: Attackers Gain Domain Access via Microsoft SharePoint Server Learn about a serious compromise of a #Microsoft #SharePoint server and the importance of swift vulnerability detection and response. https://t.co/N8jVfrSlSF
@the_yellow_fall
1 Nov 2024
762 Impressions
5 Retweets
14 Likes
3 Bookmarks
0 Replies
0 Quotes
CISA Warns of Energetic Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) https://t.co/4w4TbAnbe9
@MachineDailyAi
31 Oct 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical #Microsoft SharePoint Flaw (#CVE-2024-38094): Patch Now! https://t.co/rpiIYGkygS
@UndercodeNews
29 Oct 2024
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) https://t.co/YOJ7r5EgdK #neuco
@neucogroup
29 Oct 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New on C9Journal: Microsoft SharePoint Deserialization Vulnerability (CVE-2024-38094) ⚠️ 🔍 Overview, Impact, and Mitigation Strategies 🔒 Stay protected with best practices to block exploitation! Read more: https://t.co/Dq7NrGQ13R #Cybersecurity #InfoSec #SharePoint
@C9Journal
28 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We added #Microsoft #SharePoint deserialization vulnerability CVE-2024-38094 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/3DEDvrRAeV & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/IGeEiEMcn8
@BenzEcosystemHQ
28 Oct 2024
87 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
1 Quote
The severity of the Remote Code Execution - Microsoft SharePoint (CVE-2024-38094) vulnerability has increased. On October 22, the vulnerability was added to the CISA KEV, which means it was exploited in the wild. #SharePoint #Microsoft #CISAKEV ➡️ https://t.co/Oi6CBp8dlj https:/
@leonov_av
27 Oct 2024
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA adds a high-severity flaw (CVE-2024-38094) impacting #Microsoft #SharePoint to its KEV catalogue #Cybersecurity #infosec #CyberSecMonth #ThinkB4Uclick https://t.co/NqUzQeBDwV https://t.co/N86wn7Sg95
@twelvesec
27 Oct 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
هشدار CISA در مورد آسیب پذیری مایکروسافت شیرپوینت (CVE-2024-38094) https://t.co/J7BeWNCcqy
@vulnerbyte
27 Oct 2024
9 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-47575 2 - CVE-2024-9680 3 - CVE-2024-38094 4 - CVE-2024-10327 5 - CVE-2024-20412 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
27 Oct 2024
90 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA, Microsoft SharePoint Güvenlik Açığından Aktif Olarak Yararlanıldığına Karşı Uyardı (CVE-2024-38094) https://t.co/Zb2TPmK7gu #cisa #microsoft #sharepoint #güvenlik #zaafiyet #security #vulnerability #sibermuhbir #kev #fakesite #cyberthreat #sibertehdit #google #samsung
@MuhbirSiber
27 Oct 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
美国网络安全机构 CISA 周二警告称,Microsoft SharePoint Server 中最近修补的远程代码执行 (RCE) 漏洞已被广泛利用 该问题被追踪为 CVE-2024-38094,可以通过网络利用,无需用户交互,但需要以高权限用户的身份进行身份验证 https://t.co/N0jhhq4skq
@turne85540
27 Oct 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The US Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities to their Known Exploited Vulnerabilities (KEV) database, including a Microsoft SharePoint deserialization flaw (CVE-2024-38094) that was initially disclosed in July.
@Cyber_Sec_Raj
26 Oct 2024
37 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
☠ Vulnerabilidad de alta Gravedad en Microsoft SharePoint [CVE-2024-38094] es Explotada Activamente. El riesgo de explotación es mayor gracias a una prueba de concepto que se ha hecho pública en GitHub. #Ciberseguridad #Hacking #SharePoint #Microsoft https://t.co/A0CUSx7ndB
@_Ninhack
25 Oct 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
So the objective is to corroborate the CVE-2024-38094 vulnerability existing in Sharepoint Server 2019 and to carry out this process it is necessary to install Windows Server, this is the most interesting part of Cybersecurity, which forces you to touch with a lot of complexity.
@HckSystem94_
25 Oct 2024
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
⚠️ CISA issues warning: CVE-2024-38094 vulnerability in Microsoft SharePoint is being actively exploited. Update your systems now to avoid attacks! #CyberSecurity #SharePoint #CISAWarn ⚠️ https://t.co/rBrVan9qVO
@Guardianfo82859
25 Oct 2024
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-38094: Microsoft SharePoint Remote Code Execution Vulnerability 🔥PoC: https://t.co/8xzTthjaF4 📊 36K+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/EDWFkA1VZH 👇Query HUNTER:/product.name="SharePoint Server" FOFA:… https://t.
@HunterMapping
25 Oct 2024
13567 Impressions
70 Retweets
205 Likes
120 Bookmarks
1 Reply
0 Quotes
CISA Adiciona Nova Vulnerabilidade ao Catálogo KEV: CVE-2024-38094 https://t.co/RyExbNNsiW https://t.co/4ch0oKBs3H
@DMZCast
25 Oct 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: CVE-2024-38094 This vulnerability affects Microsoft's SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. If this is something your company uses, we recommend taking action to mitigate this threat as soon as possible. htt
@TotalAssure
24 Oct 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Alert: Active Exploitation of Microsoft SharePoint Vulnerability 🚨 CISA warns of active exploitation of CVE-2024-38094, a deserialization flaw in Microsoft SharePoint allowing remote code execution. Rated 7.2 CVSS, organizations are urged to patch immediately to reduce
@shaharia_munna
24 Oct 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The CVE-2024-38094 vulnerability is a serious concern because it gives attackers with Site Owner permissions the ability to run arbitrary code on your SharePoint server! The risk of exploitation continues to grow with the proof-of-concept now out in the wild, giving a roadmap to
@ComputerIntSvc
24 Oct 2024
107 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142"
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4"
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
],
"operator": "OR"
}
]
}
]