VDB
CVE-2024-38094
CVE-2024-38094
PUBLISHED
KEV
Es besteht eine Schwachstelle in Microsoft 365 Apps, Microsoft Office, Microsoft Office 2016, Microsoft Office 2019, Microsoft Outlook 2016, Microsoft SharePoint und Microsoft SharePoint Server 2019, die noch nicht im Detail veröffentlicht wurde. Ein entfernter privilegierter Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.
EPSS 70.32% · 98.7th percentile
Risk Scores
EPSS Score
70.32%
98.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Office LTSC 2021 | |
| Microsoft | Microsoft SharePoint Server Subscription Edition | |
| Microsoft | Microsoft 365 Apps | |
| Microsoft | Microsoft SharePoint Server 2019 | |
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | |
| Microsoft | Microsoft Outlook 2016 | |
| Microsoft | Microsoft Office 2019 | |
| Microsoft | Microsoft Office 2016 |
Timeline
- Jul 9, 2024 CVE Published
- Jul 9, 2024 PoC Published
- Jul 10, 2024 EPSS Score
- Jul 10, 2024 PoC Published
- Jul 10, 2024 PoC Published
- Jul 10, 2024 PoC Published
- Jul 10, 2024 PoC Published
- Jul 11, 2024 PoC Published
- Jul 11, 2024 PoC Published
- Jul 12, 2024 PoC Published
- Jul 17, 2024 PoC Published
- Jul 17, 2024 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1584.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1584 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit