CVE-2024-38094
Published: 09 July 2024
Summary
CVE-2024-38094 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft SharePoint Server. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 1.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft SharePoint contains a remote code execution vulnerability tracked as CVE-2024-38094 and assigned CWE-502 for deserialization of untrusted data. The flaw affects on-premises SharePoint deployments and carries a CVSS 3.1 base score of 7.2, reflecting a network attack vector, low attack complexity, and the requirement for high-privileged credentials.
An authenticated attacker with administrative privileges can send a crafted request that triggers unsafe deserialization, resulting in arbitrary code execution on the SharePoint server. Successful exploitation requires no user interaction and fully compromises the confidentiality, integrity, and availability of the affected system.
Microsoft has published an advisory detailing the affected versions and remediation steps, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The current and peak EPSS score of 0.7032 indicates sustained exploitation interest since disclosure.
Administrators should apply the vendor-supplied updates immediately and review SharePoint server configurations for any exposed administrative interfaces.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37782
Vulnerability details
Microsoft SharePoint Remote Code Execution Vulnerability
- CWE(s)
- KEV Date Added: 22 October 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of the vendor patch that eliminates the unsafe deserialization flaw in SharePoint.
Limits assignment of the high-privilege accounts required to send the crafted deserialization requests that trigger RCE.
Enforces validation of untrusted input before deserialization, directly addressing the CWE-502 root cause.