CVE-2024-38094
Microsoft SharePoint Deserialization Vulnerability
CVSS
—
Sin CVSS
EPSS
47.8%
p99
KEV
SÍ
22 oct 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
47.8%EPSS · 30 días55.3%
2026-06-302026-07-16
Producto
Microsoft / SharePoint
Vulnerabilidad
Microsoft SharePoint Deserialization Vulnerability
Añadido a KEV
22 oct 2024
Remediar antes de
12 nov 2024
Uso conocido en ransomware
Sí
Descripción resumida
Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-49706—100.0%
KEV—80Microsoft SharePoint Improper Authentication Vulnerability—CVE-2025-49704—100.0%
KEV—80Microsoft SharePoint Code Injection Vulnerability—CVE-2025-53770—100.0%
KEV—80Microsoft SharePoint Deserialization of Untrusted Data Vulnerability—CVE-2019-0604—100.0%
KEV—80Microsoft SharePoint Remote Code Execution Vulnerability—CVE-2026-20963—98.0%
KEV—79Microsoft SharePoint Deserialization of Untrusted Data Vulnerability—