
CVE-2024-38094

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked · RCE

Published: 09 July 2024
Modified: 28 October 2025
KEV Added: 22 October 2024
Patch: vendor update available
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7032 (98.7th percentile)
Risk Priority: 77 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-38094 is a high-severity deserialization of untrusted data (CWE-502) vulnerability in Microsoft SharePoint Server that allows remote code execution. Its CVSS v3.1 base score is 7.2 (High).

Operationally, its EPSS score places it in the top 1.3% of all CVEs by predicted exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, confirming exploitation in the wild.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation), i.e. applying the vendor patch, and AC-6 (Least Privilege), which limits the pool of accounts that hold the high privileges the attack requires.

Deeper analysis

Microsoft SharePoint contains a remote code execution vulnerability tracked as CVE-2024-38094 and assigned CWE-502 for deserialization of untrusted data. The flaw affects on-premises SharePoint deployments and carries a CVSS v3.1 base score of 7.2 (High). The vector records a network attack vector (AV:N), low attack complexity (AC:L), no user interaction (UI:N) and a requirement for high-privileged credentials (PR:H); that privilege requirement is what keeps the score below Critical despite full confidentiality, integrity and availability impact (C:H/I:H/A:H).

An authenticated attacker holding an account with administrative (high) privileges can send a crafted request that SharePoint deserializes without adequate validation, resulting in arbitrary code execution on the SharePoint server. Successful exploitation gives the attacker full control over the confidentiality, integrity and availability of the affected system, with no user interaction required.

Microsoft has published an advisory detailing the affected versions and remediation steps, and CISA added the CVE to its Known Exploited Vulnerabilities catalog on 22 October 2024, confirming active exploitation in the wild. The EPSS score of 0.7032, which is also its peak to date, estimates roughly a 70% probability of exploitation activity within the next 30 days.

Administrators should apply the vendor-supplied updates immediately, review which accounts hold administrative privileges in SharePoint and remove any that do not need them, and ensure SharePoint administrative interfaces are not reachable beyond the networks that require them. Because exploitation needs valid high-privileged credentials, watching those accounts for anomalous logons and unexpected requests is a useful compensating detection until the update is in place.

Vulnerability details

Title: Microsoft SharePoint Remote Code Execution Vulnerability
CWE(s): CWE-502 (Deserialization of Untrusted Data)
KEV Date Added: 22 October 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Microsoft
Product: SharePoint Server
Versions: 2016, 2019, all versions

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly requires timely application of the vendor patch that eliminates the unsafe deserialization flaw in SharePoint.

AC-6 Least Privilege (prevent)
Limits assignment of the high-privilege accounts required to send the crafted deserialization requests that trigger RCE.

SI-10 Information Input Validation (prevent)
Enforces validation of untrusted input before deserialization, directly addressing the CWE-502 root cause. This control applies to Microsoft as the code owner; on-premises operators cannot retrofit it and must rely on the patch and on privilege restriction.
