CVE-2024-38020 — Vulnetix

CVE-2024-38020 PUBLISHED

Es besteht eine Schwachstelle in Microsoft 365 Apps, Microsoft Office, Microsoft Office 2016, Microsoft Office 2019, Microsoft Outlook 2016, Microsoft SharePoint und Microsoft SharePoint Server 2019, die noch nicht im Detail veröffentlicht wurde. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.

EPSS 0.32% · 55.5th percentile

Risk Scores

EPSS Score

0.32%

55.5th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft Office 2016
Microsoft	Microsoft Office LTSC 2021
Microsoft	Microsoft Outlook 2016
Microsoft	Microsoft Office 2019
Microsoft	Microsoft SharePoint Server Subscription Edition
Microsoft	Microsoft SharePoint Server 2019
Microsoft	Microsoft SharePoint Enterprise Server 2016
Microsoft	Microsoft 365 Apps

Exploit Intelligence

https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
Microsoft Outlook Spoofing Vulnerability (circl)
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC (certbund)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog (certbund)
main.cpp (github-poc)
main.cpp (github-poc)
main.cpp (github-poc)
main.cpp (github-poc)
main.cpp (github-poc)
main.cpp (github-poc)

…and 43 more exploits

Timeline

Jul 9, 2024 CVE Published
Jul 10, 2024 EPSS Score
Aug 1, 2024 EPSS Score
Aug 23, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 6, 2024 EPSS Score
Oct 28, 2024 EPSS Score
Nov 19, 2024 EPSS Score
Dec 12, 2024 EPSS Score
Jan 3, 2025 EPSS Score
Jan 25, 2025 EPSS Score
Jan 29, 2025 Coalition ESS Score

References

Open in Interactive Console →