- Description
- Microsoft SharePoint Remote Code Execution Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- sharepoint_server
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft SharePoint Deserialization Vulnerability
- Exploit added on
- Oct 22, 2024
- Exploit action due
- Nov 12, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
We added #Microsoft #SharePoint deserialization vulnerability CVE-2024-38094 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/uJNlUSuOLy & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/gLt0fFLSHN
@TrustG_Refund
6 Sept 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We added #Microsoft #SharePoint deserialization vulnerability CVE-2024-38094 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/uJNlUSuOLy & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/6DkF1MOzEF
@TrustG_Refund
1 Sept 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We added #Microsoft #SharePoint deserialization vulnerability CVE-2024-38094 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/nA0StpqH2R & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/ULXuiw5KoO
@TACTICALREFUND1
29 Jun 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログで、以下の脆弱性の悪用が確認された。 - WindowsのCVE-2018-8639, CVE-2024-30051 - SharePointのCVE-2024-38094 また、Ivanti社VPN製品群のCVE-2025-22457では、要求対策がハンティングを含むものに変更。 https://t.co/wQDUw2hGxs
@__kokumoto
7 Apr 2025
1130 Impressions
0 Retweets
6 Likes
4 Bookmarks
0 Replies
0 Quotes
🚀 پیادهسازی و اکسپلویت سه آسیبپذیری جذاب Microsoft SharePoint 🎯 🔹 CVE-2024-38094 🔹 CVE-2024-38024 🔹 CVE-2024-38023 جزئیات کامل و PoC در کانال تلگرام: 📎 https://t.co/hzuyBCmUtd 👾 آماده یادگیری و تحلیل باشید! #CyberSecurity #GOTOCVE
@soltanali0
13 Dec 2024
281 Impressions
4 Retweets
14 Likes
4 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
23 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
19 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
17 Nov 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
SharePoint の 脆弱性 CVE-2024-38094:PoC 悪用による企業ネットワークへの侵入を観測 https://t.co/GtqET2Wv0H #CISA #CyberAttack #DataBreach #Exchange #Exploit #Government #HoroungAntivirus #KEV #MicrosoftExchange #MicrosoftSharePoint #PoCExploit #Ransomware #Rapid7
@iototsecnews
12 Nov 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
11 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
10 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
In the latest episode of IT SPARC Cast, @John_Video and @LouDogGeek dive into the latest in IT security and automation. They cover TP-Link devices forming a massive botnet, GitHub’s AI-powered Spark for micro app creation, and a critical SharePoint vulnerability (CVE-2024-38094)…
@ITSPARCCast
8 Nov 2024
71 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2024-38094
@transilienceai
8 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨CVE-2024-38094 in Microsoft SharePoint is a critical RCE vulnerability that allows unauthorized access to systems. Details + prevention methods + SOC Practice and TTPs in this week's #GOTOCVE program! 🔗https://t.co/ASCK0vKJ8v #CVE2024 #MicrosoftSharePoint #CyberSecurity
@soltanali0
7 Nov 2024
167 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
We added #Microsoft #SharePoint deserialization vulnerability CVE-2024-38094 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/xkvXcYkRFY & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/myYuCCBQWd
@Scam_refundhq
7 Nov 2024
31 Impressions
6 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Exploiting SharePoint RCE Vulnerability to Compromise Entire Domain: https://t.co/DOM3CiyDYO Hackers exploited CVE-2024-38094, a critical RCE vulnerability in Microsoft SharePoint, to compromise an entire domain, remaining undetected for two weeks. They deployed a… https
@securityRSS
6 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SharePoint : la CVE-2024-38094 exploitée dans des cyberattaques https://t.co/oPCbT1rken
@pcsphere_
6 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
5 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft SharePointのRCE脆弱性、企業ネットワークの侵害目的で悪用される:CVE-2024-38094 https://t.co/5QNlqkCpWz #izumino_trend
@sec_trend
5 Nov 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 La vulnérabilité CVE-2024-38094 présente dans SharePoint a été exploitée pour s'introduire dans le réseau des entreprises ! 👉 Plus d'infos dans notre article : https://t.co/khhPHnKIgx #sharepoint #cybersecurite #microsoft https://t.co/khhPHnKIgx
@ITConnect_fr
5 Nov 2024
1034 Impressions
7 Retweets
9 Likes
4 Bookmarks
0 Replies
0 Quotes
🔎 Exploitation of CVE-2024-38094, a recent RCE vuln disclosed in Microsoft #SharePoint, has been observed in the wild – granting attackers initial access to corporate networks. @BleepinComputer cites Rapid7's analysis & timeline in a new piece ⤵️ https://t.co/6f4Hsjd5rq
@rapid7
4 Nov 2024
2343 Impressions
8 Retweets
17 Likes
8 Bookmarks
0 Replies
1 Quote
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. https://t.co/5526QrVYnO
@blackwired32799
4 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePoint Vulnerability Leads To Exploitation Of Entire Corporate Network Corporate networks are being initially accessed through the exploitation of CVE-2024-38094. As part of the July Patch Tuesday package, https://t.co/Ow045km1K9
@MrRajputHacker
4 Nov 2024
1351 Impressions
4 Retweets
16 Likes
8 Bookmarks
1 Reply
0 Quotes
برای محصول Microsoft SharePoint آسیب پذیری با کد شناسایی CVE-2024-38094 و از نوع RCE منتشر شده است. Sharepoint یک پلتفرم وب برای شبکه های داخلی و intranet می باشد. نمره این آسیب پذیری 7.2 بوده و توسط CISA نیز به عنوان تهدیدات شناخته شده معرفی شده است. https://t.co/Y2P1U3epiq ht
@AmirHossein_sec
4 Nov 2024
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
「SharePoint」 脆弱性 CVE-2024-38094、今年 7 月の Patch パッケージですでに修正されているのね…。 https://t.co/sG0KSdp3Mg
@EnergyObject
4 Nov 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. https://t.co/wiaJXu6y5G #rhymtech #thinkcyberthinkrhym #rhymcyberupdates
@Rhym_Tech
4 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38094
@transilienceai
4 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft SharePoint RCE bug exploited to breach corporate network. A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. https://t.co/XK4YxEirKU https://t.co/
@riskigy
3 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ITSecurity CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint that affects some versions of SharePoint Server. seems that a few have not patched their systems (maybe because only rated a 7?) and systems are getting hacked via this vector.
@seaarepea
3 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-38094 is being exploited to gain initial access to corporate networks. The attacker installed Horoung AV, this caused a conflict that disabled security on the compromised device and allowed the attacker to laterally move Links in next post 👇 https://t.co/6JU1le3bsj
@Malcoreio
3 Nov 2024
950 Impressions
2 Retweets
20 Likes
3 Bookmarks
1 Reply
1 Quote
آسیب پذیری CVE-2024-38094 در مایکروسافت شیرپوینت مورد سوء استفاده قرار گرفت! https://t.co/K9FVkXGkL8
@vulnerbyte
3 Nov 2024
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#NEW #SHARE Microsoft SharePoint RCE bug exploited to breach corporate network. A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. https://t.co/ndply4EqNf
@CyberSysblue
3 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePoint RCE Vulnerability: A Comedy of Errors in Corporate Security Hot Take: Microsoft SharePoint is currently the star of a horror movie where the villain is a high-severity RCE vulnerability known as CVE-2024-38094. It's like the bad guy that's always one step…
@TheNimbleNerd
3 Nov 2024
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover the critical Microsoft SharePoint remote code execution vulnerability (CVE-2024-38094) that's been exploited to breach corporate networks. Stay informed about the implications and protective measures in our latest blog post. Read more at https://t.co/g6hO8ON37A.
@trubetech
2 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Vulnerabilidad en SharePoint abre la puerta a intrusos en redes corporativas Un fallo de ejecución remota de código (RCE) conocido como CVE-2024-38094 permite que atacantes accedan sin permiso a redes empresariales a través de Microsoft SharePoint. Microsoft lanzó un parch
@CycuraMX
2 Nov 2024
443 Impressions
1 Retweet
7 Likes
3 Bookmarks
0 Replies
0 Quotes
Microsoft Sharepoint Server CVE-2024-38094 Exploited #Microsoft #SharePoint #CVE-2024-38094 #ActiveExploitation https://t.co/fGuJN5bbsT
@pravin_karthik
1 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Rapid7's Incident Response team uncovered a serious breach in which an attacker exploited a vulnerability in the on-premise SharePoint server (CVE-2024-38094) to gain unauthorized access. 🚨 Read more 🔎>> https://t.co/H3FZJhtd7m #CyberSecurity #Microsoft #SharePoint #Data
@CyberNodeAU
1 Nov 2024
92 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2024-38094 Exploited: Attackers Gain Domain Access via Microsoft SharePoint Server Learn about a serious compromise of a #Microsoft #SharePoint server and the importance of swift vulnerability detection and response. https://t.co/N8jVfrSlSF
@the_yellow_fall
1 Nov 2024
762 Impressions
5 Retweets
14 Likes
3 Bookmarks
0 Replies
0 Quotes
CISA Warns of Energetic Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) https://t.co/4w4TbAnbe9
@MachineDailyAi
31 Oct 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical #Microsoft SharePoint Flaw (#CVE-2024-38094): Patch Now! https://t.co/rpiIYGkygS
@UndercodeNews
29 Oct 2024
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) https://t.co/YOJ7r5EgdK #neuco
@neucogroup
29 Oct 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New on C9Journal: Microsoft SharePoint Deserialization Vulnerability (CVE-2024-38094) ⚠️ 🔍 Overview, Impact, and Mitigation Strategies 🔒 Stay protected with best practices to block exploitation! Read more: https://t.co/Dq7NrGQ13R #Cybersecurity #InfoSec #SharePoint
@C9Journal
28 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We added #Microsoft #SharePoint deserialization vulnerability CVE-2024-38094 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/3DEDvrRAeV & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/IGeEiEMcn8
@BenzEcosystemHQ
28 Oct 2024
87 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
1 Quote
The severity of the Remote Code Execution - Microsoft SharePoint (CVE-2024-38094) vulnerability has increased. On October 22, the vulnerability was added to the CISA KEV, which means it was exploited in the wild. #SharePoint #Microsoft #CISAKEV ➡️ https://t.co/Oi6CBp8dlj https:/
@leonov_av
27 Oct 2024
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA adds a high-severity flaw (CVE-2024-38094) impacting #Microsoft #SharePoint to its KEV catalogue #Cybersecurity #infosec #CyberSecMonth #ThinkB4Uclick https://t.co/NqUzQeBDwV https://t.co/N86wn7Sg95
@twelvesec
27 Oct 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
هشدار CISA در مورد آسیب پذیری مایکروسافت شیرپوینت (CVE-2024-38094) https://t.co/J7BeWNCcqy
@vulnerbyte
27 Oct 2024
9 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-47575 2 - CVE-2024-9680 3 - CVE-2024-38094 4 - CVE-2024-10327 5 - CVE-2024-20412 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
27 Oct 2024
90 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA, Microsoft SharePoint Güvenlik Açığından Aktif Olarak Yararlanıldığına Karşı Uyardı (CVE-2024-38094) https://t.co/Zb2TPmK7gu #cisa #microsoft #sharepoint #güvenlik #zaafiyet #security #vulnerability #sibermuhbir #kev #fakesite #cyberthreat #sibertehdit #google #samsung
@MuhbirSiber
27 Oct 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
美国网络安全机构 CISA 周二警告称,Microsoft SharePoint Server 中最近修补的远程代码执行 (RCE) 漏洞已被广泛利用 该问题被追踪为 CVE-2024-38094,可以通过网络利用,无需用户交互,但需要以高权限用户的身份进行身份验证 https://t.co/N0jhhq4skq
@turne85540
27 Oct 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The US Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities to their Known Exploited Vulnerabilities (KEV) database, including a Microsoft SharePoint deserialization flaw (CVE-2024-38094) that was initially disclosed in July.
@cyber_sec_raj
26 Oct 2024
37 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142"
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4"
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
],
"operator": "OR"
}
]
}
]