VDB
CVE-2023-24955
CVE-2023-24955
PUBLISHED
KEV
Es existiert eine Schwachstelle in Microsoft SharePoint und Microsoft SharePoint Server 2019. Microsoft veröffentlicht keine weiteren Details zur Schwachstelle. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen.
EPSS 91.79% · 99.7th percentile
Risk Scores
EPSS Score
91.79%
99.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft SharePoint Server 2019 | |
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | |
| Microsoft | Microsoft SharePoint Server Subscription Edition |
Exploit Intelligence
- Exploit for Microsoft SharePoint 2019 (github-poc)
- Exploit for Microsoft SharePoint 2019 (github-poc)
- Exploit for Microsoft SharePoint 2019 (github-poc)
- Exploit for Microsoft SharePoint 2019 (github-poc)
- Exploit for Microsoft SharePoint 2019 (github-poc)
- Exploit for Microsoft SharePoint 2019 (github-poc)
- Exploit for Microsoft SharePoint 2019 (github-poc)
- Exploit for Microsoft SharePoint 2019 (github-poc)
- Exploit for Microsoft SharePoint 2019 (github-poc)
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
…and 87 more exploits
Timeline
- May 1, 2023 Metasploit Module
- May 9, 2023 CVE Published
- May 10, 2023 EPSS Score
- Jul 8, 2023 EPSS Score
- Sep 18, 2023 EPSS Score
- Sep 26, 2023 EPSS Score
- Oct 12, 2023 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 15, 2024 EPSS Score
- Mar 26, 2024 CISA KEV Added
- Mar 26, 2024 PoC Published
- Mar 26, 2024 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1179.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1179 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html exploit