Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38024

7.2HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Sharepoint Enterprise Server 2016; Microsoft Sharepoint Server 2019; Microsoft Sharepoint Server Subscription Edition
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-38024?

A remote code execution vulnerability exists in Microsoft SharePoint Server that could allow an attacker to execute arbitrary code on the affected system. This issue arises from improper validation of user input. Successful exploitation of this vulnerability allows an attacker to gain system-level privileges and potentially full control over the SharePoint instance. It is critical for organizations using affected versions to apply patches promptly to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5456.1000

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10412.20001

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.17328.20424

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

69% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024