CVERadar

CVE-2024-38094

Medium Severity | Microsoft
SVRS: 30/100
CVSSv3: 7.2/10
EPSS: 0.8321/1

CVE-2024-38094: Microsoft SharePoint Remote Code Execution Vulnerability. This flaw allows attackers to execute arbitrary code on vulnerable SharePoint servers. With a CVSS score of 7.2, it presents a significant risk. However, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a lower level of immediate critical threat compared to vulnerabilities with SVRS scores above 80, though active exploitation is noted. Successful exploitation could lead to complete system compromise, data breaches, or denial of service. Organizations using Microsoft SharePoint should apply the necessary security patches and follow vendor advisories to mitigate potential risks and prevent unauthorized code execution. The presence of active exploits "In The Wild" increases the need for vigilance.

In The Wild | CISA KEV | Exploit Available | Vendor-advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
2025-03-11

2024-07-09
SOCRadar
AI Insight

Description

CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint. The vulnerability allows an attacker to execute arbitrary code on a target system by sending a specially crafted request to the SharePoint server. The vulnerability has a CVSS score of 7.2, indicating a high severity level. However, the SOCRadar Vulnerability Risk Score (SVRS) for this vulnerability is 0, indicating that it is not currently considered a critical threat.

Key Insights

  • The vulnerability is actively exploited in the wild, meaning that attackers are actively using it to target systems.
  • The vulnerability affects all versions of Microsoft SharePoint.
  • The vulnerability can be exploited remotely, meaning that an attacker does not need to have physical access to the target system.
  • The vulnerability can be used to execute arbitrary code on the target system, which could allow an attacker to take control of the system.

Mitigation Strategies

  • Apply the latest security updates from Microsoft.
  • Disable unnecessary features and services on SharePoint servers.
  • Implement a web application firewall (WAF) to block malicious requests.
  • Monitor SharePoint servers for suspicious activity.

Indicators of Compromise

Exploits

Title | Software Link | Date
Microsoft SharePoint Deserialization Vulnerability | https://www.cisa.gov/search?g=CVE-2024-38094 | 2024-10-22

News

Microsoft Enhances Exchange & SharePoint Server Security With New Windows Antimalware Scan
Kaaviya, 2025-04-11 (cybersecuritynews.com)
Microsoft has announced a significant security upgrade for Exchange Server and SharePoint Server through integration with the Windows Antimalware Scan Interface (AMSI), providing critical protection for these business-critical systems that are frequent targets for cyberattacks. Exchange Server and SharePoint Server represent “crown jewels” for many organizations, making them prime targets for sophisticated threat actors. The […] The post Microsoft Enhances Exchange & SharePoint Server Security With New Windows Antimalware

Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI
Microsoft Threat Intelligence, 2025-04-09 (microsoft.com)
Exchange Server and SharePoint Server are business-critical assets and considered crown-jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server integrated Windows Antimalware Scan Interface (AMSI), providing an essential layer of protection by preventing harmful web requests from reaching backend endpoints. The blog outlines several attacks prevented by AMSI integration and highlights recent enhancements. The blog also provides protection and mitigation guidance and how defenders can respond

CVE-2024-38094 | Microsoft SharePoint Server deserialization
vuldb.com, 2025-04-07
A vulnerability was found in Microsoft SharePoint Server. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to deserialization. This vulnerability was named CVE-2024-38094. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

ISC StormCast for Thursday, July 11th, 2024
Dr. Johannes B. Ullrich, 2024-07-11 (sans.edu)
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DBSCAN and Honeypot Data; Another SSH Vuln; URL File Exploit; Sharepoint PoC; Citrix and OpenVPN updates
Finding Honeypot Data Clusters Using DBSCAN Part 1 https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%201/31050
Second RegreSSHion Like OpenSSH Vulnerability https://lwn.net/ml/all/[email protected]/
Resurrecting Internet Explorer: Threat Actors Using Zero-Day Tricks in Internet Shortcut File CVE-2024-38112

Daily Summary - 23.10.2024
CERT.at, 2024-12-02 (cert.at)
End-of-Day report Timeframe: Tuesday 22-10-2024 18:00 - Wednesday 23-10-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Alexander Riepl News Exploit released for new Windows Server "WinReg" NTLM Relay attack Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process.

CISA Alerts on Ongoing Exploitation of Microsoft SharePoint Vulnerability
laseem shayifa, 2024-12-02 (securereading.com)
CISA reports that a vulnerability in Microsoft SharePoint is currently being exploited, enabling attackers to remotely inject code into affected versions. The post CISA Alerts on Ongoing Exploitation of Microsoft SharePoint Vulnerability appeared first on SecureReading.

Data Breaches Digest - Week 43 2024
Dunkie ([email protected]), 2024-12-02 (dbdigest.com)
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 21st October and 27th October 2024. 27th October

Social Media

We added #Microsoft #SharePoint deserialization vulnerability CVE-2024-38094 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/A37j8mjBPo & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/ZLxye85jvC
We added #Microsoft #SharePoint deserialization vulnerability CVE-2024-38094 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/1rxfjhqfxI & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/HECfB22gnz
@CyberWarship Patching is key to preventing attacks like CVE-2024-38094, don't get caught slippin'
The exploitation method for CVE-2024-38094 was recently documented in a Rapid7 report. It reveals that attackers used an open-source exploit to compromise outdated SharePoint servers and gain initial access https://t.co/YpOVcRvg3D
Hackers Exploiting SharePoint RCE Vulnerability to Compromise Entire Domain: https://t.co/DOM3CiyDYO Hackers exploited CVE-2024-38094, a critical RCE vulnerability in Microsoft SharePoint, to compromise an entire domain, remaining undetected for two weeks. They deployed a
SharePoint: CVE-2024-38094 exploited in cyberattacks https://t.co/oPCbT1rken
A now #patched #Microsoft #SharePoint #RCE #vulnerability (CVE-2024-38094) is being exploited to gain initial access to corporate networks. #Cybersecurity #infosec #cybercrime https://t.co/eOqkE8I4Z0 https://t.co/PpnnIvcyFg
#News - #Microsoft #SharePoint remote code execution (#RCE) vulnerability CVE-2024-38094 is being exploited to access corporate #networks With active exploitation underway, sys admins who haven't updated SharePoint since June 2024 must do so ASAP #cybersec https://t.co/nRIlDCbjcl
#ITSecurity CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint that affects some versions of SharePoint Server. seems that a few have not patched their systems (maybe because only rated a 7?) and systems are getting hacked via this vector.
Rapid7's Incident Response team uncovered a serious breach in which an attacker exploited a vulnerability in the on-premise SharePoint server (CVE-2024-38094) to gain unauthorized access. 🚨 Read more 🔎>> https://t.co/H3FZJhtd7m #CyberSecurity #Microsoft #SharePoint #DataBreach https://t.co/RN420lkloc

Affected Software

Configuration 1
Type | Vendor | Product
App | Microsoft | sharepoint_server

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094
AF854A3A-2127-422B-91AE-364DA2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094
MICROSOFT SHAREPOINT REMOTE CODE EXECUTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094

CWE Details

CWE ID | CWE Name | Description
CWE-502 | Deserialization of Untrusted Data | The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
