CVE-2023-24955
Microsoft SharePoint Server Code Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
85.4%
p100
KEV
SÍ
26 mar 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / SharePoint Server
Vulnerabilidad
Microsoft SharePoint Server Code Injection Vulnerability
Añadido a KEV
26 mar 2024
Remediar antes de
16 abr 2024
Uso conocido en ransomware
Sí
Descripción resumida
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955; https://nvd.nist.gov/vuln/detail/CVE-2023-24955